Hello GeeksToGo,
I've been lurking on your site for some time, and have learned quite a bit on top of what I already knew. I'm fixing a computer for a friend of mine. He was loaded down with many rootkits, spyware, malware, and viruses. I've managed to clean up the majority of them, and if any more exist on the machine, they aren't showing up in the many scans I have run.
The problem that I am having now is the redirecting bug. I've done searches, and followed this tutorial, but to no avail. The bug redirects from popular search engines (not just Google), and has affected Internet Explorer, Firefox, Google Chrome and Opera.
System Specs:
Dell Dimension 2400
512MB RAM
2.4GHz Intel Pentium 4
Windows Professional SP3
A list of scanners installed and used:
Avast! Free Antivirus
Malwarebytes' Anti-Malware
Spyware Terminator
SUPER Antispyware
Emsisoft Anti-Malware
Sophos Anti-Rootkit
TDSSKiller
SmitFraudFinder
And a list of tools I have already downloaded:
CWShredder
HijackThis
ComboFix
OTL
GMER
GooredFix
Current HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:11:55, on 4/18/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Repair.ANONYMOUS\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: MRI_DISABLED
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1291673933296
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
--
End of file - 5249 bytes
Current OTL log:
OTL logfile created on: 4/18/2011 5:14:26 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Repair.ANONYMOUS\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.00 Mb Total Physical Memory | 163.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 21.49 Gb Free Space | 28.84% Space Free | Partition Type: NTFS
Computer Name: ANONYMOUS | User Name: Repair | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/04/18 16:16:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\OTL.exe
PRC - [2011/04/17 04:44:25 | 000,496,128 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2011/03/30 04:16:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/29 12:36:10 | 002,860,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/02/23 10:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/04/20 14:17:01 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
========== Modules (SafeList) ==========
MOD - [2011/04/18 16:16:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\OTL.exe
MOD - [2011/02/23 10:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2009/04/20 14:16:40 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (wscsvc)
SRV - File not found [On_Demand | Stopped] -- -- (WMPNetworkSvc)
SRV - File not found [Disabled | Stopped] -- -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/17 04:44:25 | 000,496,128 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2011/03/29 12:36:10 | 002,860,800 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
========== Driver Services (SafeList) ==========
DRV - [2011/04/17 04:44:24 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 09:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 09:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/02/20 21:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010/12/06 17:08:52 | 000,119,288 | -H-- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dwprot.sys -- (DwProt)
DRV - [2010/06/03 22:01:21 | 000,064,288 | -H-- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/01/30 13:12:06 | 000,045,568 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/09/17 10:02:54 | 000,732,928 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/07/02 11:26:20 | 000,202,368 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/07/02 11:25:24 | 000,631,680 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/07/02 11:24:16 | 001,063,936 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/03/05 13:19:28 | 000,015,840 | -H-- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2009/08/16 15:38:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/17 09:42:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/30 04:16:37 | 000,000,000 | ---D | M]
[2009/08/17 04:39:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Repair.ANONYMOUS\Application Data\Mozilla\Extensions
[2011/04/18 16:28:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Repair.ANONYMOUS\Application Data\Mozilla\Firefox\Profiles\bwvoj0nj.default\extensions
[2011/04/18 15:20:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Repair.ANONYMOUS\Application Data\Mozilla\Firefox\Profiles\bwvoj0nj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/04/18 15:20:33 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Documents and Settings\Repair.ANONYMOUS\Application Data\Mozilla\Firefox\Profiles\bwvoj0nj.default\extensions\[email protected]
[2010/10/18 22:50:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/16 15:38:19 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/05/05 13:39:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
O1 HOSTS File: ([2011/04/18 14:51:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED [2009/08/16 07:34:31 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1291673933296 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/16 07:10:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 30 Days ==========
[2011/04/18 16:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\Logs
[2011/04/18 16:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\GooredFix Backups
[2011/04/18 16:37:20 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\GooredFix.exe
[2011/04/18 16:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/04/18 16:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\outlook express
[2011/04/18 16:24:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/04/18 16:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
[2011/04/18 16:24:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/04/18 16:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\windows nt
[2011/04/18 16:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\netmeeting
[2011/04/18 16:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2011/04/18 16:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/04/18 16:24:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/04/18 16:21:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/18 16:16:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\OTL.exe
[2011/04/18 15:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\Application Data\Sun
[2011/04/18 14:48:58 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2011/04/18 14:48:58 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2011/04/18 14:48:58 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2011/04/18 14:48:58 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2011/04/18 14:48:58 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2011/04/18 14:48:58 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2011/04/18 14:48:58 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2011/04/18 14:48:58 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2011/04/18 14:48:58 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2011/04/18 14:48:57 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2011/04/18 14:48:57 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2011/04/18 14:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\SmitfraudFix
[2011/04/18 14:14:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/18 13:48:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Repair.ANONYMOUS\PrivacIE
[2011/04/18 13:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\backups
[2011/04/18 13:40:22 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\HijackThis.exe
[2011/04/18 13:39:46 | 000,532,480 | ---- | C] (Trend Micro Incorporated) -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\cwshredder.exe
[2011/04/17 10:25:08 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\tdsskiller.exe
[2011/04/17 10:24:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/17 10:01:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/17 10:01:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/17 10:01:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/17 10:01:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/17 10:00:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/17 06:28:48 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2011/04/17 05:19:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/04/17 05:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/04/17 05:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft Anti-Malware
[2011/04/17 05:12:56 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/04/17 05:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\My Documents\Anti-Malware
[2011/04/17 04:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinClamAVShield
[2011/04/17 04:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\Application Data\Spyware Terminator
[2011/04/17 04:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Terminator
[2011/04/17 04:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2011/04/17 04:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2011/04/17 04:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\Application Data\Malwarebytes
[2011/04/17 04:42:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/17 04:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/17 04:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/17 04:42:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/17 04:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/16 00:49:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Repair.ANONYMOUS\Local Settings\Application Data\Microsoft
[2011/04/16 00:49:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Repair.ANONYMOUS\Application Data\Microsoft
[2011/04/16 00:49:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\SendTo
[2011/04/16 00:49:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\Application Data
[2011/04/16 00:49:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\Start Menu\Programs\Startup
[2011/04/16 00:49:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\Start Menu
[2011/04/16 00:49:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\Start Menu\Programs\Accessories
[2011/04/16 00:49:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Repair.ANONYMOUS\IETldCache
[2011/04/16 00:49:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Repair.ANONYMOUS\Cookies
[2011/04/16 00:49:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\Templates
[2011/04/16 00:49:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\Recent
[2011/04/16 00:49:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\PrintHood
[2011/04/16 00:49:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\NetHood
[2011/04/16 00:49:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\Local Settings
[2011/04/16 00:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\My Documents
[2011/04/16 00:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\Application Data\Macromedia
[2011/04/16 00:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\Favorites
[2011/04/16 00:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop
[2011/04/15 20:09:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/04/11 18:53:20 | 000,000,000 | ---D | C] -- C:\New Folder
[2011/03/29 05:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
========== Files - Modified Within 30 Days ==========
[2011/04/18 16:37:21 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\GooredFix.exe
[2011/04/18 16:24:35 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/18 16:24:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/18 16:24:32 | 534,843,392 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/18 16:16:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\OTL.exe
[2011/04/18 15:26:04 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\e1xmche3.exe
[2011/04/18 14:51:23 | 000,002,308 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/04/18 14:51:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/18 14:48:49 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\SmitfraudFix.exe
[2011/04/18 13:40:22 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\HijackThis.exe
[2011/04/18 13:39:46 | 000,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\cwshredder.exe
[2011/04/17 10:29:57 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2011/04/17 10:25:12 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\tdsskiller.exe
[2011/04/17 10:07:24 | 004,323,312 | R--- | M] () -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\ComboFix.exe
[2011/04/17 05:19:07 | 000,001,793 | ---- | M] () -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\Sophos Anti-Rootkit.lnk
[2011/04/17 05:13:34 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Repair.ANONYMOUS\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2011/04/17 05:13:34 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2011/04/17 04:44:37 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2011/04/17 04:44:24 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011/04/17 04:42:25 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/15 21:57:24 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/29 05:01:16 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/29 01:11:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
========== Files Created - No Company Name ==========
[2011/04/18 15:26:03 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\e1xmche3.exe
[2011/04/18 15:00:08 | 000,001,793 | ---- | C] () -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\Sophos Anti-Rootkit.lnk
[2011/04/18 14:49:29 | 000,002,308 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/04/18 14:48:58 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2011/04/18 14:48:58 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2011/04/18 14:48:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2011/04/18 14:48:45 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\SmitfraudFix.exe
[2011/04/17 10:29:57 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2011/04/17 10:29:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/17 10:01:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/17 10:01:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/17 10:01:04 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/17 10:01:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/17 10:01:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/17 09:57:05 | 004,323,312 | R--- | C] () -- C:\Documents and Settings\Repair.ANONYMOUS\Desktop\ComboFix.exe
[2011/04/17 08:54:47 | 534,843,392 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/17 05:13:34 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Repair.ANONYMOUS\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2011/04/17 05:13:34 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2011/04/17 04:44:37 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2011/04/17 04:44:24 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011/04/17 04:42:25 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/16 00:49:17 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Repair.ANONYMOUS\Start Menu\Programs\Remote Assistance.lnk
[2011/04/12 04:36:42 | 000,017,324 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\n41lx44756h7500403g28
[2011/04/12 04:36:42 | 000,007,160 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\n41lx44756h7500403g28
[2010/10/18 22:51:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/09 03:44:35 | 000,262,144 | -H-- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2010/07/25 09:10:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/29 05:12:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/05/26 17:40:26 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/24 23:02:17 | 000,015,880 | -H-- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/19 22:20:05 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/05/05 13:40:37 | 000,168,448 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/05/05 13:40:34 | 002,255,360 | -H-- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010/05/05 13:40:34 | 000,795,648 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/05 13:40:34 | 000,130,048 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/05/05 13:40:33 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/05/05 13:40:32 | 000,067,584 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/05 13:35:54 | 000,094,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/05 13:28:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/05 13:24:50 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/05 08:18:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/05 08:14:21 | 000,258,248 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/20 14:25:16 | 000,210,944 | -H-- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2008/04/16 01:46:19 | 000,017,324 | -HS- | C] () -- C:\Documents and Settings\Repair.ANONYMOUS\Local Settings\Application Data\n41lx44756h7500403g28
[2008/04/14 08:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,441,124 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,071,060 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >
OTL Extras Log:
OTL Extras logfile created on: 4/18/2011 5:14:26 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Repair.ANONYMOUS\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.00 Mb Total Physical Memory | 163.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 21.49 Gb Free Space | 28.84% Space Free | Partition Type: NTFS
Computer Name: ANONYMOUS | User Name: Repair | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"21497:TCP" = 21497:TCP:*:Enabled:BitComet 21497 TCP
"21497:UDP" = 21497:UDP:*:Enabled:BitComet 21497 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CmdOpen Shell Extension" = Open Command Prompt Shell Extension (x86-32)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V.9x 56K DF PCI Modem
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
"Foxit Reader" = Foxit Reader
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.7.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Silverlight" = Microsoft Silverlight
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Spyware Terminator_is1" = Spyware Terminator
"Unlocker" = Unlocker 1.8.7
"Winamp" = Winamp
"WinZip" = WinZip
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/16/2009 3:39:18 PM | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/16/2009 3:39:18 PM | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/16/2009 3:39:18 PM | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/16/2009 3:39:18 PM | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/16/2009 3:39:18 PM | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/16/2009 3:39:19 PM | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/16/2009 3:39:19 PM | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/16/2009 7:52:38 PM | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/16/2009 7:52:40 PM | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 4/18/2011 3:27:39 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application e1xmche3.exe, version 1.0.15.15570, faulting
module e1xmche3.exe, version 1.0.15.15570, fault address 0x0000c676.
[ System Events ]
Error - 4/17/2011 8:53:52 AM | Computer Name = ANONYMOUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 4/17/2011 8:55:03 AM | Computer Name = ANONYMOUS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.
Error - 4/17/2011 8:56:32 AM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%2
Error - 4/17/2011 8:56:32 AM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde
Error - 4/18/2011 3:36:46 PM | Computer Name = ANONYMOUS | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 4/18/2011 4:21:58 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7034
Description = The Emsisoft Anti-Malware 5.0 - Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 4/18/2011 4:21:58 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7034
Description = The Spyware Terminator Realtime Shield Service service terminated
unexpectedly. It has done this 1 time(s).
Error - 4/18/2011 4:21:58 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 4/18/2011 4:21:58 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7034
Description = The User Profile Hive Cleanup service terminated unexpectedly. It
has done this 1 time(s).
Error - 4/18/2011 4:26:16 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083
< End of report >
Thank you for any help you can offer!
P.S.: I'm in a predicament; I have to return this computer to its owner this evening!