Yahoo Email Virus



#1 cheena71
Member, 10 posts
Hello,

My Yahoo address book has been hacked and it sends out these links [http://phytokeeper.c...yshop/z493.html cs5 yn u1ol0xp2] and other links with a bunch of letters, unbeknownst to my contacts. I have run OTL, Avast, BitDefender, HouseCall Trend Micro and Stinger but they come back with no infections. How do I get rid of this? I have had this email for years, but more importantly, I'm looking for employment and this email is tied to so many applications and resumes, so I'm trying not to close the account.

Please help.

Would you like the log for OTL?

I just looked at some things in my email. In the signature section, it says this:

<div><div><div><div><div><font face="times new roman" size="4"><font face="times new roman"><em><div><em>"One thing I can give and still keep...is my word."</em></div></em></font></font></div></div></div></div> <div id="a"></div> <div id="b" style="VISIBILITY:hidden;"></div> <style type="text/css"></style> </div>

I did not put this here, plus I don't have the signature option checked!

I deleted that information in the signature section and saved it. It doesn't appear there anymore, but I hope it works. Please advise...

Edited by cheena71, 15 January 2011 - 06:18 AM.
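The signature block quoted above carries markup nobody types into a signature: an element styled `VISIBILITY:hidden`, empty `div`s that exist only to carry an id, and an empty `<style>` tag. As an added example (not a Yahoo or Geeks to Go tool), this Python script runs exactly those checks over that markup with the standard library's html.parser, so a defender can audit a mail signature offline before clearing it.

```python
"""Heuristic audit of an HTML e-mail signature for hidden or injected markup.

Added example for this thread; not a Yahoo or Geeks to Go tool. The sample
below is the signature block quoted in post #1 (constructed from the post).
"""
from html.parser import HTMLParser

# Constructed sample: the signature markup reported in post #1.
SIGNATURE_HTML = (
    '<div><div><div><div><div><font face="times new roman" size="4">'
    '<font face="times new roman"><em><div><em>"One thing I can give and '
    'still keep...is my word."</em></div></em></font></font></div></div>'
    '</div></div> <div id="a"></div> <div id="b" style="VISIBILITY:hidden;">'
    '</div> <style type="text/css"></style> </div>'
)

# Style fragments that make an element invisible to the reader.
HIDING_STYLES = ("visibility:hidden", "display:none", "font-size:0")
# Tags a formatted-text signature never needs; their presence is a finding.
RISKY_TAGS = {"style", "script", "iframe", "object", "embed", "link", "meta"}


class SignatureAuditor(HTMLParser):
    """Collects findings while html.parser walks the signature markup."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._open = []  # stack of [tag, attrs, has_content]

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if self._open:
            self._open[-1][2] = True  # the parent has a child, so it is not empty
        self._open.append([tag, attrs, False])
        if tag in RISKY_TAGS:
            self.findings.append(f"<{tag}> present in signature")
        style = attrs.get("style", "").replace(" ", "").lower()
        for fragment in HIDING_STYLES:
            if fragment in style:
                self.findings.append(
                    f"hidden <{tag} id={attrs.get('id')!r}> via style {attrs['style']!r}")

    def handle_data(self, data):
        # Visible text counts as content for the innermost open element.
        if data.strip() and self._open:
            self._open[-1][2] = True

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates sloppy nesting.
        while self._open:
            open_tag, attrs, has_content = self._open.pop()
            if open_tag == tag:
                if not has_content and "id" in attrs:
                    self.findings.append(
                        f"empty <{tag} id={attrs['id']!r}> (placeholder for injected content)")
                break


def audit_signature(html):
    """Return the list of findings for one signature; an empty list means clean."""
    auditor = SignatureAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for finding in audit_signature(SIGNATURE_HTML):
        print("-", finding)
```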


#2 Essexboy
GeekU Moderator (Retired Staff), 69,964 posts
Hi there - the first thing to do is change your e-mail password.

Then I will need you to run OTL and post the log.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    c:\system volume information|_REGISTRY_MACHINE_SOFTWARE;true;true;true /FP
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
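When the OTL.Txt from this scan comes back, a helper reads the PRC/SRV/DRV lines for files with no company name or running from a Temp folder. As an added example (not OTL's own code and not part of the forum's procedure), this Python triage script parses lines in OTL's SafeList format and applies those two checks plus a third for services or drivers loading from a user profile; the sample lines are copied from the log posted later in this thread, and the AppData temp marker is an assumption covering newer Windows versions not on this page.

```python
"""Triage helper for OTL scan logs: parse PRC/MOD/SRV/DRV lines and flag the
entries a malware-removal helper looks at first.

Added example for this thread; not part of OTL or of the forum's procedure.
The sample lines are copied from the OTL log posted in this thread.
"""
import re

# One OTL SafeList line: kind, timestamp, size, attributes, flag, (company),
# optional [state] block for services/drivers, path, optional trailing -- (name).
OTL_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<timestamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[^|]+) \| (?P<flag>\w)\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]+)\])? -- "
    r"(?P<path>.+?)(?: -- \((?P<name>[^)]*)\).*)?$"
)

# Directories an installed program should not normally run from (lower-cased).
# The AppData marker is an assumption for Vista and later; the page shows XP.
TEMP_MARKERS = ("\\local settings\\temp\\", "\\windows\\temp\\", "\\appdata\\local\\temp\\")

# Sample copied from the thread's OTL log (header line included to show skipping).
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2011/01/15 06:47:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wendy\Desktop\OTL.exe
PRC - [2008/10/26 00:33:16 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/09/22 16:56:34 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Wendy\Local Settings\Temp\RtkBtMnt.exe
PRC - [2006/08/29 17:56:22 | 000,020,480 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
SRV - [2011/01/13 03:47:34 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
"""


def parse_line(line):
    """Return a dict for one OTL entry line, or None for headers and blank lines."""
    m = OTL_LINE.match(line.rstrip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))  # "000,602,112" -> 602112
    entry["company"] = entry["company"].strip()          # "( )" and "()" both -> ""
    return entry


def triage_entry(entry):
    """Heuristic reasons a helper would look closer at this entry (may be empty)."""
    reasons = []
    path = entry["path"].lower()
    if not entry["company"]:
        reasons.append("no company name in the file's version info")
    if any(marker in path for marker in TEMP_MARKERS):
        reasons.append("executable running from a Temp directory")
    if entry["kind"] in ("SRV", "DRV") and "\\documents and settings\\" in path:
        reasons.append("service/driver loaded from a user profile")
    return reasons


def triage(log_text):
    """Return [(path, reasons)] for every entry with at least one reason."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage_entry(entry)
        if reasons:
            hits.append((entry["path"], reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   -", reason)
```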

#3 cheena71 (Topic Starter)
Member, 10 posts
Hello,

Thank you for your assistance. According to your instructions, I ran a regular scan, then cut/pasted what you posted, selected "all users" and ran a quick scan. I did not receive an "extra" log; however, I received the other log. Did I do something wrong?
#4 Essexboy
GeekU Moderator (Retired Staff), 69,964 posts
No, you have probably run OTL previously; I will only get the Extras log on the first run.

Could you post the main OTL log please? Also, did you change your password on Yahoo?
#5 cheena71 (Topic Starter)
Member, 10 posts
Yes, I did change my password for Yahoo. I will post the OTL and Extra logs:

Extra

OTL Extras logfile created on: 1/15/2011 6:48:46 AM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Wendy\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 264.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 43.88 Gb Total Space | 13.49 Gb Free Space | 30.74% Space Free | Partition Type: FAT32
Drive D: | 44.37 Gb Total Space | 44.37 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: WENDYTHOMPSON | User Name: Wendy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost
"C:\WINDOWS\EXPLORER.EXE" = C:\WINDOWS\EXPLORER.EXE:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe:*:Enabled:reader_sl
"C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe:*:Enabled:eDSloader -- (HiTRUST)
"C:\WINDOWS\System32\WgaTray.exe" = C:\WINDOWS\System32\WgaTray.exe:*:Enabled:WgaTray -- (Microsoft Corporation)
"C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" = C:\Acer\Empowering Technology\eRecovery\eRAgent.exe:*:Enabled:eRAgent -- (Acer Inc.)
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" = C:\Program Files\Alwil Software\Avast5\AvastUI.exe:*:Enabled:avastUI -- (AVAST Software)
"C:\Program Files\Launch Manager\QtZgAcer.EXE" = C:\Program Files\Launch Manager\QtZgAcer.EXE:*:Enabled:QtZgAcer -- (Dritek System Inc.)
"C:\Documents and Settings\Wendy\Local Settings\Temp\RtkBtMnt.exe" = C:\Documents and Settings\Wendy\Local Settings\Temp\RtkBtMnt.exe:*:Enabled:RtkBtMnt -- (Realtek Semiconductor Corp.)
"C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" = C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe:*:Enabled:PrintScreen -- (Gadwin Systems, Inc)
"C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" = C:\Acer\Empowering Technology\ePower\ePower_DMC.exe:*:Enabled:ePower_DMC -- ()
"C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" = C:\Acer\Empowering Technology\ePresentation\ePresentation.exe:*:Enabled:ePresentation -- (Acer Inc.)
"C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE" = C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE:*:Enabled:CLI -- (ATI Technologies Inc.)
"C:\WINDOWS\System32\regsvr32.exe" = C:\WINDOWS\System32\regsvr32.exe:*:Enabled:regsvr32 -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
"{574BCD50-5D18-4F70-B038-51066F229E07}" = ATI Catalyst Control Center
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B06B842F-2450-494F-BBDE-217CDC151A37}" = NTI Backup NOW! 4.5
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEFC581D-BEAE-4F75-989E-BD931970D8AD}" = BitDefender Free Edition v10
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"100 Beautiful Flowers Vol. 1" = 100 Beautiful Flowers Vol. 1 Screen Saver
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"avast5" = avast! Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025010F" = HDAUDIO Soft Data Fax Modem with SmartCP
"FreeRummy" = 100% Free Rummy 7.30
"FreeSpades" = 100% Free Spades 7.30
"FrostWire" = FrostWire 4.21.2
"Gadwin PrintScreen" = Gadwin PrintScreen
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 2.0.3079
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LimeWire" = LimeWire 4.18.8
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MOS-EXP Practice Exam Testing Engine Software_is1" = Practice Exam Package Demo 1.0 from Pass-Guaranteed.com
"MSNINST" = MSN
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinASO Registry Optimizer 4.5.5_is1" = WinASO Registry Optimizer 4.5.5
"WinASO Registry Optimizer 4.6.0_is1" = WinASO Registry Optimizer 4.6.0
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe ConnectNow" = Adobe ConnectNow
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/2/2011 3:05:51 PM | Computer Name = WENDYTHOMPSON | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 1/2/2011 3:24:02 PM | Computer Name = WENDYTHOMPSON | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 1/3/2011 9:59:54 AM | Computer Name = WENDYTHOMPSON | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 1/5/2011 1:25:03 PM | Computer Name = WENDYTHOMPSON | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 1/5/2011 1:43:24 PM | Computer Name = WENDYTHOMPSON | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 1/14/2011 4:13:26 AM | Computer Name = WENDYTHOMPSON | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 1/14/2011 4:17:46 AM | Computer Name = WENDYTHOMPSON | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 1/14/2011 4:35:43 AM | Computer Name = WENDYTHOMPSON | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 1/14/2011 4:43:47 AM | Computer Name = WENDYTHOMPSON | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 1/14/2011 4:52:25 AM | Computer Name = WENDYTHOMPSON | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

[ System Events ]
Error - 1/14/2011 5:10:37 AM | Computer Name = WENDYTHOMPSON | Source = Service Control Manager | ID = 7000
Description = The bdfdll service failed to start due to the following error: %%2

Error - 1/14/2011 5:10:39 AM | Computer Name = WENDYTHOMPSON | Source = Service Control Manager | ID = 7000
Description = The BDFsDrv service failed to start due to the following error: %%2

Error - 1/14/2011 5:10:39 AM | Computer Name = WENDYTHOMPSON | Source = Service Control Manager | ID = 7000
Description = The BDRsDrv service failed to start due to the following error: %%2

Error - 1/14/2011 6:34:41 AM | Computer Name = WENDYTHOMPSON | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Netman service.

Error - 1/14/2011 11:39:31 PM | Computer Name = WENDYTHOMPSON | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec Core LC service.

Error - 1/15/2011 2:44:08 AM | Computer Name = WENDYTHOMPSON | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Netman service.

Error - 1/15/2011 6:42:42 AM | Computer Name = WENDYTHOMPSON | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 1/15/2011 7:44:15 AM | Computer Name = WENDYTHOMPSON | Source = Service Control Manager | ID = 7000
Description = The bdfdll service failed to start due to the following error: %%2

Error - 1/15/2011 7:44:16 AM | Computer Name = WENDYTHOMPSON | Source = Service Control Manager | ID = 7000
Description = The BDFsDrv service failed to start due to the following error: %%2

Error - 1/15/2011 7:44:16 AM | Computer Name = WENDYTHOMPSON | Source = Service Control Manager | ID = 7000
Description = The BDRsDrv service failed to start due to the following error: %%2


< End of report >

OTL

OTL logfile created on: 1/15/2011 9:44:53 PM - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Wendy\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 421.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 43.88 Gb Total Space | 13.38 Gb Free Space | 30.49% Space Free | Partition Type: FAT32
Drive D: | 44.37 Gb Total Space | 44.37 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: WENDYTHOMPSON | User Name: Wendy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/15 06:47:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wendy\Desktop\OTL.exe
PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 03:47:34 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/17 05:49:40 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/12/09 07:08:40 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/26 00:33:16 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/07/11 16:55:40 | 000,278,528 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
PRC - [2008/06/05 17:06:32 | 000,125,208 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\common\YMailAdvisor.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/24 13:16:44 | 000,462,848 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\vsserv.exe
PRC - [2007/04/02 15:48:40 | 000,290,816 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\bdmcon.exe
PRC - [2007/03/26 14:49:46 | 000,069,632 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\bdagent.exe
PRC - [2007/01/19 15:12:56 | 000,081,920 | ---- | M] () -- C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
PRC - [2006/11/09 12:33:04 | 000,086,016 | ---- | M] (SOFTWIN S.R.L) -- C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
PRC - [2006/09/22 16:56:34 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Wendy\Local Settings\Temp\RtkBtMnt.exe
PRC - [2006/09/07 19:52:52 | 000,479,232 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2006/08/30 09:57:34 | 000,442,368 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006/08/29 17:56:22 | 000,020,480 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006/08/10 15:00:50 | 000,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006/08/03 15:34:04 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2006/07/31 21:02:46 | 000,346,112 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2006/07/28 10:40:06 | 000,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
PRC - [2006/07/25 18:03:44 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/06/01 14:40:54 | 000,413,696 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (SafeList) ==========

MOD - [2011/01/15 06:47:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wendy\Desktop\OTL.exe
MOD - [2010/12/17 05:50:06 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/09/18 02:53:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2008/04/13 20:12:02 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2006/07/05 21:31:58 | 000,167,936 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\sysenv.dll
MOD - [2006/03/08 17:11:40 | 000,022,016 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2006/03/06 21:25:40 | 000,199,168 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\CryptoAPI.dll
MOD - [2005/10/11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2003/03/18 20:12:12 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71u.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/13 03:47:34 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/01 15:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/26 00:33:16 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/07/11 16:55:40 | 000,278,528 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2007/10/24 13:16:44 | 000,462,848 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Program Files\Softwin\BitDefender10\vsserv.exe -- (VSSERV)
SRV - [2007/01/19 15:12:56 | 000,081,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe -- (bdss)
SRV - [2006/11/09 12:33:04 | 000,086,016 | ---- | M] (SOFTWIN S.R.L) [Auto | Running] -- C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe -- (XCOMM)
SRV - [2006/08/29 17:56:22 | 000,020,480 | ---- | M] ( ) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/08/10 15:00:50 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006/07/25 18:03:44 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 18:03:44 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 03:37:12 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/13 03:37:10 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 14:36:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2006/09/22 17:51:18 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/09/22 17:10:40 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2006/08/25 16:33:50 | 000,061,824 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/08/22 10:11:30 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/08/19 04:33:24 | 000,013,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\profos.sys -- (Profos)
DRV - [2006/08/16 11:32:00 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/08/16 11:22:00 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/16 11:21:00 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/08/16 11:11:12 | 000,022,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\trufos.sys -- (Trufos)
DRV - [2006/08/15 20:34:00 | 000,193,056 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/08/08 21:59:12 | 001,681,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/08/03 10:19:04 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2006/08/03 10:19:02 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2006/08/03 10:19:02 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2006/07/13 10:33:10 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/20 16:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/20 16:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/20 16:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/04/07 20:17:34 | 000,012,288 | ---- | M] (HiTRUST) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psdfilter.sys -- (psdfilter)
DRV - [2006/03/08 17:10:52 | 000,060,416 | ---- | M] (HiTRUST) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psdvdisk.sys -- (psdvdisk)
DRV - [2004/12/17 17:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004/08/10 20:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/10 20:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/10 20:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/10 20:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/10 20:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/10 20:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/10 20:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/10 20:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/10 20:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/10 20:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/10 20:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/10 20:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/10 20:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/10 20:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/10 20:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3775276516-1154701017-4215668824-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-3775276516-1154701017-4215668824-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3775276516-1154701017-4215668824-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3775276516-1154701017-4215668824-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/17 05:50:06 | 000,000,000 | ---D | M]

[2009/04/17 00:34:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wendy\Application Data\Mozilla\Extensions
[2009/04/17 00:34:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wendy\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2004/08/10 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3775276516-1154701017-4215668824-1005\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-3775276516-1154701017-4215668824-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3775276516-1154701017-4215668824-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Softwin\BitDefender10\bdagent.exe (SOFTWIN S.R.L.)
O4 - HKLM..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender10\bdmcon.exe (SOFTWIN S.R.L.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LaunchApp] File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3775276516-1154701017-4215668824-1005..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-3775276516-1154701017-4215668824-1005..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3775276516-1154701017-4215668824-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: hilobupep - {c2915b6e-0725-444a-a840-3ebcfef55371} - CLSID or File not found.
O21 - SSODL: yuviwizuv - {b5568115-5aa7-4a06-bdc8-77d32cbcd0a0} - CLSID or File not found.
O22 - SharedTaskScheduler: {b5568115-5aa7-4a06-bdc8-77d32cbcd0a0} - kupuhivus - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {c2915b6e-0725-444a-a840-3ebcfef55371} - gahurihor - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Wendy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wendy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/22 17:11:12 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/15 06:48:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wendy\Desktop\OTL.exe
[2011/01/14 03:33:58 | 000,000,000 | -HSD | C] -- C:\FOUND.016
[2011/01/05 12:23:16 | 000,000,000 | -HSD | C] -- C:\FOUND.015
[2010/12/23 10:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wendy\Desktop\Incomplete
[2010/12/17 05:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wendy\Start Menu\Programs\FrostWire
[2010/12/17 05:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/12/17 05:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2010/12/17 05:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2006/05/25 18:18:48 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Wendy\Desktop\*.tmp files -> C:\Documents and Settings\Wendy\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/15 21:44:12 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Wendy\Desktop\Yahoo Email Virus.url
[2011/01/15 21:43:20 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2011/01/15 21:39:48 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3775276516-1154701017-4215668824-1005.job
[2011/01/15 21:39:46 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3775276516-1154701017-4215668824-1005.job
[2011/01/15 21:32:04 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/15 21:27:36 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Wendy\Desktop\HelpOnThe.Net Tech Support Guy - Free help for Windows 7, XP, Vista, and more!.url
[2011/01/15 21:26:08 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9D38D858-DACA-451A-B179-43732138EBBF}.job
[2011/01/15 21:21:58 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3775276516-1154701017-4215668824-1005Core1cb6f97e039ae54.job
[2011/01/15 09:40:12 | 000,001,205 | ---- | M] () -- C:\Documents and Settings\Wendy\Desktop\Underarm Boils Treatment and Home Remedies for Armpit Boils.url
[2011/01/15 06:47:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wendy\Desktop\OTL.exe
[2011/01/15 06:20:24 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Wendy\Local Settings\Application Data\housecall.guid.cache
[2011/01/14 03:52:46 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/14 03:51:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/14 03:51:34 | 803,385,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/14 03:50:58 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011/01/14 03:49:26 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/13 03:47:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/13 03:39:50 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/13 03:37:12 | 000,029,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/13 03:37:10 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/11 13:49:02 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\WinASORegistryOptimizerForWendy.job
[2011/01/11 10:32:38 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\Wendy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/01/11 10:29:42 | 000,005,632 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/09 01:47:54 | 003,120,736 | ---- | M] () -- C:\Documents and Settings\Wendy\Desktop\Dorinda Clark-Cole - No Not One (with J. Moss).mp3
[2011/01/02 14:05:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/23 10:40:54 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/23 10:29:00 | 000,000,255 | ---- | M] () -- C:\Documents and Settings\Wendy\Desktop\Fieldglass Login.url
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/17 05:51:54 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Wendy\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.2.lnk
[2010/12/17 05:51:50 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\Wendy\Desktop\FrostWire 4.21.2.lnk
[2010/12/17 05:50:20 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/12/17 05:49:42 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Wendy\Desktop\*.tmp files -> C:\Documents and Settings\Wendy\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/15 21:36:47 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Wendy\Desktop\Yahoo Email Virus.url
[2011/01/15 09:40:11 | 000,001,205 | ---- | C] () -- C:\Documents and Settings\Wendy\Desktop\Underarm Boils Treatment and Home Remedies for Armpit Boils.url
[2011/01/15 06:20:22 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Wendy\Local Settings\Application Data\housecall.guid.cache
[2011/01/09 01:44:57 | 003,120,736 | ---- | C] () -- C:\Documents and Settings\Wendy\Desktop\Dorinda Clark-Cole - No Not One (with J. Moss).mp3
[2010/12/23 10:28:58 | 000,000,255 | ---- | C] () -- C:\Documents and Settings\Wendy\Desktop\Fieldglass Login.url
[2010/12/17 05:51:53 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Wendy\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.2.lnk
[2010/12/17 05:51:49 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\Wendy\Desktop\FrostWire 4.21.2.lnk
[2010/12/17 05:50:18 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/09/13 22:48:14 | 000,000,082 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/08/25 02:43:09 | 000,000,058 | ---- | C] () -- C:\WINDOWS\RegDefrag.ini
[2009/07/07 22:26:02 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Wendy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/08 23:55:40 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Wendy\Application Data\waQ1P0bNat.gif
[2009/06/08 23:55:40 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Wendy\Application Data\waQ1P0bNzn.gif
[2009/06/08 23:55:40 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Wendy\Application Data\waQ1P0bNby.gif
[2008/11/19 16:37:51 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/11/19 10:40:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/31 10:10:09 | 000,010,028 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/12/31 12:21:15 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Wendy\Local Settings\Application Data\fusioncache.dat
[2006/09/22 18:11:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/22 17:11:34 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/09/22 17:10:44 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006/09/22 17:10:44 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006/09/22 17:10:44 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006/09/22 17:10:44 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006/09/22 16:13:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/16 11:21:00 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/08/03 10:19:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15.sys
[2006/08/03 10:19:02 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys
[2006/07/20 10:33:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NATTraversal.dll
[2006/05/25 18:18:48 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2006/04/12 14:08:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll
[2006/03/10 14:15:44 | 000,036,404 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/03/08 17:19:28 | 001,421,824 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll
[2006/03/08 17:11:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/11/10 11:27:42 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/28 15:45:26 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/08/10 20:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/13 13:49:44 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2009/03/23 01:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/15 01:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/19 21:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/03/23 05:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/07 17:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/01 17:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2007/06/18 21:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wendy\Application Data\LimeWire
[2008/10/26 22:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wendy\Application Data\TypingMaster7
[2009/01/30 19:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wendy\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/26 19:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wendy\Application Data\Audacity
[2009/12/19 23:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wendy\Application Data\Bitdefender
[2010/11/02 04:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wendy\Application Data\FrostWire
[2011/01/11 13:49:02 | 000,000,488 | ---- | M] () -- C:\WINDOWS\Tasks\WinASORegistryOptimizerForWendy.job
[2011/01/15 21:26:08 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9D38D858-DACA-451A-B179-43732138EBBF}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/10 20:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 20:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 20:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 20:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< c:\system volume information|_REGISTRY_MACHINE_SOFTWARE;true;true;true /FP >
[2010/10/18 12:27:12 | 030,502,912 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP211\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/10/19 12:35:48 | 030,502,912 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP212\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/10/20 12:51:04 | 030,502,912 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP213\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/10/26 12:21:46 | 030,502,912 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP214\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/10/29 15:03:00 | 030,502,912 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP215\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/10/31 21:28:04 | 030,502,912 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP216\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/11/02 02:47:12 | 030,502,912 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP217\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/11/02 04:45:22 | 030,502,912 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP218\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/11/03 08:02:02 | 030,502,912 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP219\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/11/07 21:51:10 | 030,502,912 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP220\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/11/09 13:47:14 | 030,502,912 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP221\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/11/10 14:38:32 | 030,502,912 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP222\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/11/16 11:46:36 | 030,502,912 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP223\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/11/19 12:55:50 | 030,502,912 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP224\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/11/22 16:10:40 | 030,502,912 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP225\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/11/29 15:36:48 | 030,502,912 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP226\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/01 12:47:26 | 030,502,912 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP227\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/12 16:48:58 | 030,502,912 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP228\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/15 01:32:20 | 030,502,912 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP229\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/16 01:45:20 | 030,502,912 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP230\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/17 05:55:06 | 030,707,712 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP231\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/23 11:13:56 | 030,707,712 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP232\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/02 21:25:58 | 030,707,712 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP233\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/05 13:28:34 | 030,707,712 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP234\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/11 11:43:44 | 030,707,712 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP235\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/14 03:38:16 | 030,707,712 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP236\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/15 21:45:44 | 030,715,904 | ---- | M] () -- c:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP237\snapshot\_REGISTRY_MACHINE_SOFTWARE

< >

< End of report >
  • 0

#6
Essexboy
    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, you do have some miscreants present - so let's kill them. You also have remnants of 3 old antivirus programmes running, so I shall remove them to ease the load on your computer.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2008/10/26 00:33:16 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2008/07/11 16:55:40 | 000,278,528 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe -- (LIVESRV)
    SRV - [2007/10/24 13:16:44 | 000,462,848 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Program Files\Softwin\BitDefender10\vsserv.exe -- (VSSERV)
    SRV - [2007/01/19 15:12:56 | 000,081,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe -- (bdss)
    SRV - [2006/07/25 18:03:44 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
    SRV - [2006/07/25 18:03:44 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2006/11/09 12:33:04 | 000,086,016 | ---- | M] (SOFTWIN S.R.L) [Auto | Running] -- C:\Program Files\Common Files\Softwin\BitDefender
    DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2006/09/22 17:51:18 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
    DRV - [2006/08/19 04:33:24 | 000,013,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\profos.sys -- (Profos)
    DRV - [2006/08/16 11:11:12 | 000,022,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\trufos.sys -- (Trufos)
    O21 - SSODL: hilobupep - {c2915b6e-0725-444a-a840-3ebcfef55371} - CLSID or File not found.
    O21 - SSODL: yuviwizuv - {b5568115-5aa7-4a06-bdc8-77d32cbcd0a0} - CLSID or File not found.
    O22 - SharedTaskScheduler: {b5568115-5aa7-4a06-bdc8-77d32cbcd0a0} - kupuhivus - Reg Error: Value error. File not found
    O22 - SharedTaskScheduler: {c2915b6e-0725-444a-a840-3ebcfef55371} - gahurihor - Reg Error: Value error. File not found
    [2009/12/19 21:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
    [2009/12/19 23:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wendy\Application Data\Bitdefender

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\drivers\svchost.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\drivers\svchost.exe"=-

    :Files
    ipconfig /flushdns /c
    %windir%\system32\drivers\svchost.exe
    C:\Program Files\Common Files\Symantec Shared
    C:\Program Files\Common Files\Softwin
    C:\Program Files\Symantec
    C:\Program Files\Common Files\Softwin

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#7
cheena71
    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Really quick. I ran the scan. Then ran the scan fix with the cut and paste and it got "stuck." I rebooted and I'm trying it again. I'll post everything when I get it.
  • 0

#8
Essexboy
    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If it still hangs then proceed to ComboFix.
  • 0

#9
cheena71
    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I did it again and it hung. I will proceed to ComboFix.
  • 0

#10
Essexboy
    GeekU Moderator

  • Retired Staff
  • 69,964 posts
:D
  • 0



#11
cheena71
    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here it is...

ComboFix 11-01-15.01 - Wendy 01/16/2011 10:24:36.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.415 [GMT -5:00]
Running from: c:\documents and settings\Wendy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.

((((((((((((((((((((((((( Files Created from 2010-12-16 to 2011-01-16 )))))))))))))))))))))))))))))))
.

2011-01-16 13:09 . 2011-01-16 13:09 -------- d-----w- C:\_OTL
2011-01-14 08:33 . 2011-01-14 08:33 -------- d-----w- C:\FOUND.016
2011-01-05 17:23 . 2011-01-05 17:23 -------- d-----w- C:\FOUND.015

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-06-29 20:58 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-03-23 10:52 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-03-23 10:52 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-03-23 10:52 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-03-23 10:52 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-03-23 10:52 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-03-23 10:52 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-03-23 10:52 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-03-23 10:52 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-20 23:09 . 2010-04-12 18:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-04-12 18:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2004-08-11 01:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 23:53 . 2010-05-02 18:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 21:34 . 2008-10-27 03:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52 . 2004-08-11 01:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2006-01-09 16:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-11 01:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-11 01:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-11 01:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-11 01:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-11 01:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-11 01:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"Google Update"="c:\documents and settings\Wendy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-01 133104]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 16248320]
"SkyTel"="SkyTel.EXE" [2006-08-16 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-08-01 346112]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-07-28 208896]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-11 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-11 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-11 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-11 455168]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-30 442368]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-16 579584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-16 766041]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-09-08 479232]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"BDMCon"="c:\program files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 290816]
"BDAgent"="c:\program files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 69632]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-17 274608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-8-3 45056]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\WINDOWS\\System32\\WgaTray.exe"=
"c:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe"=
"c:\\Documents and Settings\\Wendy\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\EHOME\\EHTRAY.EXE"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Alwil Software\\Avast5\\AvastUI.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Launch Manager\\QtZgAcer.EXE"=
"c:\\Program Files\\Gadwin Systems\\PrintScreen\\PrintScreen.exe"=
"c:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"=
"c:\\Acer\\Empowering Technology\\ePresentation\\ePresentation.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.EXE"=
"c:\\WINDOWS\\EHOME\\ehmsas.exe"=
"c:\\WINDOWS\\System32\\regsvr32.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/23/2010 5:52 AM 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/23/2010 5:52 AM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/2/2010 3:21 AM 136176]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 8:00 PM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-01-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3775276516-1154701017-4215668824-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-01-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3775276516-1154701017-4215668824-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3775276516-1154701017-4215668824-1005Core1cb6f97e039ae54.job
- c:\documents and settings\Wendy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-01 23:23]

2010-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2011-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-02 08:21]

2011-01-11 c:\windows\Tasks\WinASORegistryOptimizerForWendy.job
- c:\program files\WinASO\Registry Optimizer\RegOpt.exe [2010-08-25 16:20]

2011-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-02 08:21]

2011-01-16 c:\windows\Tasks\User_Feed_Synchronization-{9D38D858-DACA-451A-B179-43732138EBBF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-LaunchApp - (no file)
SharedTaskScheduler-{b5568115-5aa7-4a06-bdc8-77d32cbcd0a0} - (no file)
SharedTaskScheduler-{c2915b6e-0725-444a-a840-3ebcfef55371} - (no file)
SSODL-yuviwizuv-{b5568115-5aa7-4a06-bdc8-77d32cbcd0a0} - (no file)
SSODL-hilobupep-{c2915b6e-0725-444a-a840-3ebcfef55371} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-16 10:28
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1116)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\windows\system32\ieframe.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-01-16 10:30:37
ComboFix-quarantined-files.txt 2011-01-16 15:30

Pre-Run: 18,985,943,040 bytes free
Post-Run: 20,672,544,768 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 65CA36E500824AE4326321B22AAA7EDB
  • 0

#12
Essexboy
    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, looks like OTL got it all bar one - once this run is complete, can you let me know what problems remain? I see that your drive is also formatted to FAT32; were you aware of this?

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\drivers\\svchost.exe"=-


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new OTListit log.

  • 0
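The entries Essexboy singled out in post #6 and post #12 (a svchost.exe sitting under system32\drivers, SSODL and SharedTaskScheduler entries whose CLSID or file no longer exists, and a firewall exception for that stray svchost.exe) are the kind of thing a defender can flag automatically when reading OTL and ComboFix logs. The Python script below is an added example written for this thread; it is not part of OTL, ComboFix or any of the original posts. It triages nine lines copied from the logs above plus one constructed line (a userinit.exe whose MD5 differs from the ServicePackFiles copy; the all-zero hash is made up), and its only assumption is the list of canonical directories for core Windows XP binaries in CANONICAL_DIRS.

```python
import re
from typing import Dict, List, Optional, Tuple

# Where each core Windows XP binary is expected to live, relative to %windir%
# (lower case, "" = %windir% itself). An assumption of this example, not OTL's logic.
CANONICAL_DIRS: Dict[str, str] = {
    "svchost.exe": "system32",
    "userinit.exe": "system32",
    "winlogon.exe": "system32",
    "explorer.exe": "",
}

# Directories in which OTL legitimately lists extra copies of those binaries.
BENIGN_COPY_DIRS = ("servicepackfiles\\i386", "$ntservicepackuninstall$", "system32\\dllcache")

MD5_RE = re.compile(r"MD5=([0-9A-Fa-f]{32}) -- (.+)$")   # OTL "MD5 for:" lines
FW_RE = re.compile(r'^"(.+?)"=')                          # firewall AuthorizedApplications export
ORPHAN_RE = re.compile(r"^O2[12] - .*File not found", re.IGNORECASE)  # O21/O22 with no backing file

# Sample lines: the first nine are copied from the OTL/ComboFix logs in this thread,
# the last one is CONSTRUCTED (all-zero MD5) to show what a tampered live copy looks like.
SAMPLE_LOG: List[str] = r'''
O21 - SSODL: hilobupep - {c2915b6e-0725-444a-a840-3ebcfef55371} - CLSID or File not found.
O22 - SharedTaskScheduler: {b5568115-5aa7-4a06-bdc8-77d32cbcd0a0} - kupuhivus - Reg Error: Value error. File not found
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 20:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe
'''.strip().splitlines()


def _norm(path: str) -> str:
    """Collapse REGEDIT-style doubled backslashes, lower-case, expand %windir%."""
    return path.replace("\\\\", "\\").lower().replace("%windir%", "c:\\windows")


def _split(path: str) -> Tuple[Optional[str], str]:
    """Return (directory relative to %windir% or None if outside it, file name)."""
    p = _norm(path)
    name = p.rsplit("\\", 1)[-1]
    prefix = "c:\\windows\\"
    if not p.startswith(prefix):
        return None, name
    rel = p[len(prefix):]
    return (rel.rsplit("\\", 1)[0] if "\\" in rel else ""), name


def check_masquerade(path: str) -> Optional[str]:
    """Flag a core-binary file name that is not in its canonical (or a known backup) directory."""
    rel, name = _split(path)
    if name not in CANONICAL_DIRS:
        return None
    if rel is None:
        return f"{name} outside %windir%: {path}"
    if rel == CANONICAL_DIRS[name] or rel in BENIGN_COPY_DIRS:
        return None
    return f"{name} in unexpected directory: {path}"


def check_hashes(lines: List[str]) -> List[str]:
    """Compare the live copy of each core binary with the ServicePackFiles reference copy."""
    copies: Dict[str, Dict[Optional[str], str]] = {}
    for line in lines:
        m = MD5_RE.search(line)
        if m:
            rel, name = _split(m.group(2).strip())
            if name in CANONICAL_DIRS:
                copies.setdefault(name, {})[rel] = m.group(1).upper()
    findings: List[str] = []
    for name, by_dir in copies.items():
        live = by_dir.get(CANONICAL_DIRS[name])
        ref = by_dir.get("servicepackfiles\\i386")
        if live and ref and live != ref:
            findings.append(f"{name}: live MD5 {live} differs from ServicePackFiles copy {ref}")
    return findings


def triage(lines: List[str]) -> List[str]:
    """Run all three checks over raw log lines and return human-readable findings."""
    findings: List[str] = []
    for raw in lines:
        line = raw.strip()
        if ORPHAN_RE.match(line):
            findings.append("orphaned shell autostart: " + line)
            continue
        fw = FW_RE.match(line)
        if fw:
            hit = check_masquerade(fw.group(1))
            if hit:
                findings.append("firewall exception for " + hit)
            continue
        m = MD5_RE.search(line)
        if m:
            hit = check_masquerade(m.group(2).strip())
            if hit:
                findings.append(hit)
    findings.extend(check_hashes(lines))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The $NtServicePackUninstall$ copy is deliberately not used as the hash reference: it is the pre-service-pack binary and legitimately differs from the live file, which is exactly what the MD5 section of the OTL log above shows for all four files. Only a mismatch between system32 and ServicePackFiles\i386 is worth a look.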

#13
cheena71
    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
No, I did not. I'm glad you brought that up. I have a FAT32 error and it dumps all the time. Will this solve it? Well, apparently you just gave me directions. LOL!
  • 0

#14
Essexboy
    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, I haven't yet given instructions for that - but it will make your system run better if you change it :D

It is fairly straightforward. MS recommend that you back up data first, but I have never had any problems with it.

How to convert a FAT volume or a FAT32 volume to NTFS

Note Although the chance of corruption or data loss during the conversion is minimal, we recommend that you perform a backup of the data on the volume that you want to convert before you start the conversion.

To convert an existing FAT or FAT32 volume to NTFS, follow these steps:

  • Click Start, point to All Programs, point to Accessories, and then click Command Prompt.
  • At the command prompt, type the following, where drive letter is the drive that you want to convert:
    convert drive letter: /fs:ntfs
  • For example, type the following command to convert drive C to NTFS:
    convert c: /fs:ntfs

Note If the operating system is on the drive that you are converting, you will be prompted to schedule the task when you restart the computer because the conversion cannot be completed while the operating system is running. When you are prompted, click YES.
When you receive the following message at the command prompt, type the volume label of the drive that you are converting, and then press ENTER:
    The type of the file system is FAT.
    Enter the current volume label for drive drive letter
When the conversion to NTFS is complete, you receive the following message at the command prompt:
    Conversion complete
Quit the command prompt.


  • 0

#15
cheena71
    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here it is...

ComboFix 11-01-15.01 - Wendy 01/16/2011 12:21:18.2.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.398 [GMT -5:00]
Running from: c:\documents and settings\Wendy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Wendy\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.

((((((((((((((((((((((((( Files Created from 2010-12-16 to 2011-01-16 )))))))))))))))))))))))))))))))
.

2011-01-16 13:09 . 2011-01-16 13:09 -------- d-----w- C:\_OTL
2011-01-14 08:33 . 2011-01-14 08:33 -------- d-----w- C:\FOUND.016
2011-01-05 17:23 . 2011-01-05 17:23 -------- d-----w- C:\FOUND.015

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-06-29 20:58 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-03-23 10:52 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-03-23 10:52 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-03-23 10:52 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-03-23 10:52 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-03-23 10:52 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-03-23 10:52 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-03-23 10:52 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-03-23 10:52 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-20 23:09 . 2010-04-12 18:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-04-12 18:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2004-08-11 01:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 23:53 . 2010-05-02 18:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 21:34 . 2008-10-27 03:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52 . 2004-08-11 01:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2006-01-09 16:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-11 01:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-11 01:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-11 01:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-11 01:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-11 01:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-11 01:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"Google Update"="c:\documents and settings\Wendy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-01 133104]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 16248320]
"SkyTel"="SkyTel.EXE" [2006-08-16 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-08-01 346112]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-07-28 208896]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-11 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-11 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-11 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-11 455168]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-30 442368]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-16 579584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-16 766041]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-09-08 479232]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"BDMCon"="c:\program files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 290816]
"BDAgent"="c:\program files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 69632]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-17 274608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-8-3 45056]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\WINDOWS\\System32\\WgaTray.exe"=
"c:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe"=
"c:\\Documents and Settings\\Wendy\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\EHOME\\EHTRAY.EXE"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Alwil Software\\Avast5\\AvastUI.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Launch Manager\\QtZgAcer.EXE"=
"c:\\Program Files\\Gadwin Systems\\PrintScreen\\PrintScreen.exe"=
"c:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"=
"c:\\Acer\\Empowering Technology\\ePresentation\\ePresentation.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.EXE"=
"c:\\WINDOWS\\EHOME\\ehmsas.exe"=
"c:\\WINDOWS\\System32\\regsvr32.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/23/2010 5:52 AM 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/23/2010 5:52 AM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/2/2010 3:21 AM 136176]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 8:00 PM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-01-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3775276516-1154701017-4215668824-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-01-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3775276516-1154701017-4215668824-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3775276516-1154701017-4215668824-1005Core1cb6f97e039ae54.job
- c:\documents and settings\Wendy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-01 23:23]

2010-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2011-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-02 08:21]

2011-01-11 c:\windows\Tasks\WinASORegistryOptimizerForWendy.job
- c:\program files\WinASO\Registry Optimizer\RegOpt.exe [2010-08-25 16:20]

2011-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-02 08:21]

2011-01-16 c:\windows\Tasks\User_Feed_Synchronization-{9D38D858-DACA-451A-B179-43732138EBBF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-16 12:26
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3596)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\windows\system32\ieframe.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-01-16 12:27:44
ComboFix-quarantined-files.txt 2011-01-16 17:27
ComboFix2.txt 2011-01-16 15:30


Pre-Run: 20,660,649,984 bytes free
Post-Run: 20,673,822,720 bytes free

- - End Of File - - 3B0E7F89A598A97555DB94D1CD950480



Wait, I don't know which is which... Here's a log (there were two open when I went to breakfast).

ComboFix 11-01-15.01 - Wendy 01/16/2011 10:24:36.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.415 [GMT -5:00]
Running from: c:\documents and settings\Wendy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.

((((((((((((((((((((((((( Files Created from 2010-12-16 to 2011-01-16 )))))))))))))))))))))))))))))))
.

2011-01-16 13:09 . 2011-01-16 13:09 -------- d-----w- C:\_OTL
2011-01-14 08:33 . 2011-01-14 08:33 -------- d-----w- C:\FOUND.016
2011-01-05 17:23 . 2011-01-05 17:23 -------- d-----w- C:\FOUND.015

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-06-29 20:58 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-03-23 10:52 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-03-23 10:52 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-03-23 10:52 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-03-23 10:52 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-03-23 10:52 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-03-23 10:52 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-03-23 10:52 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-03-23 10:52 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-20 23:09 . 2010-04-12 18:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-04-12 18:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2004-08-11 01:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 23:53 . 2010-05-02 18:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 21:34 . 2008-10-27 03:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52 . 2004-08-11 01:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2006-01-09 16:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-11 01:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-11 01:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-11 01:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-11 01:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-11 01:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-11 01:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"Google Update"="c:\documents and settings\Wendy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-01 133104]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 16248320]
"SkyTel"="SkyTel.EXE" [2006-08-16 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-08-01 346112]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-07-28 208896]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-11 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-11 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-11 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-11 455168]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-30 442368]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-16 579584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-16 766041]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-09-08 479232]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"BDMCon"="c:\program files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 290816]
"BDAgent"="c:\program files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 69632]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-17 274608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-8-3 45056]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\WINDOWS\\System32\\WgaTray.exe"=
"c:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe"=
"c:\\Documents and Settings\\Wendy\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\EHOME\\EHTRAY.EXE"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Alwil Software\\Avast5\\AvastUI.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Launch Manager\\QtZgAcer.EXE"=
"c:\\Program Files\\Gadwin Systems\\PrintScreen\\PrintScreen.exe"=
"c:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"=
"c:\\Acer\\Empowering Technology\\ePresentation\\ePresentation.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.EXE"=
"c:\\WINDOWS\\EHOME\\ehmsas.exe"=
"c:\\WINDOWS\\System32\\regsvr32.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/23/2010 5:52 AM 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/23/2010 5:52 AM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/2/2010 3:21 AM 136176]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 8:00 PM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-01-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3775276516-1154701017-4215668824-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-01-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3775276516-1154701017-4215668824-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3775276516-1154701017-4215668824-1005Core1cb6f97e039ae54.job
- c:\documents and settings\Wendy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-01 23:23]

2010-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2011-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-02 08:21]

2011-01-11 c:\windows\Tasks\WinASORegistryOptimizerForWendy.job
- c:\program files\WinASO\Registry Optimizer\RegOpt.exe [2010-08-25 16:20]

2011-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-02 08:21]

2011-01-16 c:\windows\Tasks\User_Feed_Synchronization-{9D38D858-DACA-451A-B179-43732138EBBF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-LaunchApp - (no file)
SharedTaskScheduler-{b5568115-5aa7-4a06-bdc8-77d32cbcd0a0} - (no file)
SharedTaskScheduler-{c2915b6e-0725-444a-a840-3ebcfef55371} - (no file)
SSODL-yuviwizuv-{b5568115-5aa7-4a06-bdc8-77d32cbcd0a0} - (no file)
SSODL-hilobupep-{c2915b6e-0725-444a-a840-3ebcfef55371} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-16 10:28
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1116)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\windows\system32\ieframe.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-01-16 10:30:37
ComboFix-quarantined-files.txt 2011-01-16 15:30

Pre-Run: 18,985,943,040 bytes free
Post-Run: 20,672,544,768 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 65CA36E500824AE4326321B22AAA7EDB