Inactive [A] Infected with sirefef.y Windows XP MCE

Status
Not open for further replies.
I did what you said, scan is now stuck on -

Scanning HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{adb44c00-1b8d-11d4-8d5e-00a0c90d - stops here
 
OTL logfile created on: 6/27/2012 9:47:02 AM - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 818.13 Mb Available Physical Memory | 80.67% Memory free
2.39 Gb Paging File | 2.32 Gb Available in Paging File | 97.37% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.79 Gb Total Space | 50.84 Gb Free Space | 48.51% Space Free | Partition Type: NTFS

Computer Name: SONYLAPTOP | User Name: Michael | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/25 19:23:50 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlndsdl.dll -- (R300)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SWUMX20.dll -- (proxyhostdriver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\changer.dll -- (epson_pm_rpcv4_01)
SRV - [2012/06/22 17:25:20 | 000,161,776 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/06/11 22:02:56 | 000,045,056 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2008/02/23 16:39:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/12/29 11:30:53 | 001,120,960 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/06/13 12:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 13:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 14:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2006/05/18 14:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/04/27 20:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 20:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 20:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/13 16:36:36 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/04/04 17:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/11/28 16:38:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/28 16:38:42 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/25 16:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/07/14 23:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\w39n51.sys -- (w39n51) Intel(R)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michael\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/04/25 10:31:12 | 001,174,976 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2010/10/07 07:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32) Intel(R)
DRV - [2010/02/13 04:36:46 | 000,816,672 | -H-- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AM10XP.sys -- (AM10)
DRV - [2007/12/29 11:30:54 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2007/11/15 22:46:40 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2007/08/03 19:09:34 | 000,046,112 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2007/05/14 19:35:12 | 000,108,928 | ---- | M] (Sony Ericsson) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GCXX.sys -- (SEMWModem)
DRV - [2007/05/10 19:34:48 | 000,053,248 | ---- | M] (Sony Ericsson) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GCXXNet.sys -- (SEMWWNIC)
DRV - [2007/05/10 19:32:52 | 000,019,328 | ---- | M] (Sony Ericsson) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GCXXSC.sys -- (Sony_EricssonWWSC)
DRV - [2006/05/26 10:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/06 22:39:00 | 000,030,080 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006/02/21 22:32:32 | 000,226,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/02/08 20:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/02/03 02:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/31 21:35:28 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/12/29 22:42:00 | 000,234,496 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2005/12/14 20:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/11/24 16:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/11/11 18:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/10/18 20:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 20:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 20:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/09/21 13:04:56 | 000,067,456 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3132.sys -- (SI3132)
DRV - [2005/09/20 19:18:20 | 000,005,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2005/08/01 19:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 21:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/01/06 16:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 16:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/01 16:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2002/06/28 21:21:40 | 000,017,251 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2001/07/24 13:34:34 | 000,007,520 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2000/12/05 19:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 23:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-21-2992983674-4066533863-796544119-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2992983674-4066533863-796544119-1005\..\SearchScopes,DefaultScope = {2820F9CC-DCCF-4F7A-9237-FC4F6189A5AD}
IE - HKU\S-1-5-21-2992983674-4066533863-796544119-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2992983674-4066533863-796544119-1005\..\SearchScopes\{2820F9CC-DCCF-4F7A-9237-FC4F6189A5AD}: "URL" = http://findgala.com/?&uid=8039&q={searchTerms}
IE - HKU\S-1-5-21-2992983674-4066533863-796544119-1005\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
IE - HKU\S-1-5-21-2992983674-4066533863-796544119-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2992983674-4066533863-796544119-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/11 17:54:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/15 23:39:57 | 000,000,000 | ---D | M]

[2011/08/14 18:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2012/02/15 14:02:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\vu2pgkjw.default\extensions
[2011/08/14 18:43:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/11 17:54:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/04 03:13:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/12 14:19:02 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/06/23 00:58:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2992983674-4066533863-796544119-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2992983674-4066533863-796544119-1005\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2992983674-4066533863-796544119-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2992983674-4066533863-796544119-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2992983674-4066533863-796544119-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2992983674-4066533863-796544119-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab (PeoplePC Web Installer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1104566655515 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1292358942390 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EB74B4B-8B5E-4F8A-BD6D-FD6329B0A654}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4601F68-7B62-46DD-B197-56CED4ED4D71}: DhcpNameServer = 10.0.1.99
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/24 13:45:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: proxyhostdriver - %systemroot%\system32\SWUMX20.dll File not found
NetSvcs: epson_pm_rpcv4_01 - %systemroot%\system32\changer.dll File not found
NetSvcs: R300 - %systemroot%\system32\pdlndsdl.dll File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.PLCMg722 - C:\WINDOWS\System32\PLCMg722.acm (Polycom, Inc)
Drivers32: msacm.PLCMg728 - C:\WINDOWS\System32\PLCMg728.acm (Polycom, Inc)
Drivers32: msacm.PLCMg729A - C:\WINDOWS\System32\PLCMg729A.acm (Polycom, Inc)
Drivers32: msacm.PLCMsiren - C:\WINDOWS\System32\PLCMsiren.acm (Polycom, Inc)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/25 19:30:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/25 12:47:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/25 12:32:35 | 004,568,224 | R--- | C] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2012/06/24 16:06:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/06/24 16:01:26 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/06/22 17:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2012/06/22 17:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Sun
[2012/06/22 17:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/06/22 17:24:40 | 001,374,624 | ---- | C] (ESET) -- C:\Documents and Settings\Michael\Desktop\eset_smart_security_live_installer.exe
[2012/06/22 17:16:13 | 000,000,000 | ---D | C] -- C:\regbak
[2012/06/22 15:06:00 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2012/06/22 11:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\PCHealth
[2012/06/22 11:14:39 | 007,750,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael\Desktop\mbam-rules.exe
[2012/06/22 11:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2012/06/22 10:56:48 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Michael\Desktop\dds.scr
[2012/06/18 13:35:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/18 13:35:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/18 13:35:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/18 13:35:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/18 13:33:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/18 13:33:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\Administrative Tools
[2012/06/18 13:33:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/06/18 12:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PE Builder
[2012/06/18 12:19:55 | 000,000,000 | ---D | C] -- C:\pebuilder3110a
[2012/06/18 12:19:36 | 003,306,678 | ---- | C] (Bart Lagerweij ) -- C:\Documents and Settings\Michael\Desktop\pebuilder3110a.exe
[2012/06/18 10:00:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DBBK
[2012/06/12 21:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2012/06/12 21:07:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
[2012/06/12 20:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
[2012/06/12 20:47:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\COMODO
[2012/06/12 20:13:28 | 091,767,744 | ---- | C] (COMODO) -- C:\Documents and Settings\Michael\Desktop\cav_installer.exe
[2012/06/12 20:13:24 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Michael\Desktop\WinsockxpFix.exe
[2012/06/11 22:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Malwarebytes
[2012/06/11 22:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/11 22:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/06/11 22:16:01 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/11 22:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/11 22:15:28 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/11 22:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2012/06/11 22:02:52 | 000,816,672 | -H-- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\AM10XP.sys
[2012/06/11 22:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2012/06/11 21:43:33 | 001,174,976 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2012/06/11 21:43:33 | 000,226,592 | -H-- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2012/06/11 21:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\Win2KXP_v3.2.1.0
[2012/06/11 21:12:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Intel
[2012/06/11 21:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2012/06/11 20:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\U3
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========

[2012/06/27 09:43:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/25 19:23:50 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2012/06/25 12:47:15 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2012/06/25 12:30:46 | 004,568,224 | R--- | M] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2012/06/24 16:09:04 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/06/24 16:07:25 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/06/24 15:51:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/23 00:58:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/23 00:32:22 | 001,012,656 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\rkill.com
[2012/06/22 22:03:15 | 000,000,346 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Shortcut to iExplore.lnk
[2012/06/22 17:33:06 | 050,730,496 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\f4f44f.msi
[2012/06/22 15:32:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2012/06/22 15:26:22 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2012/06/22 15:23:54 | 001,374,624 | ---- | M] (ESET) -- C:\Documents and Settings\Michael\Desktop\eset_smart_security_live_installer.exe
[2012/06/22 11:11:54 | 007,750,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael\Desktop\mbam-rules.exe
[2012/06/22 10:54:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Michael\Desktop\dds.scr
[2012/06/22 10:53:08 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\bepub3wo.exe
[2012/06/18 12:20:07 | 000,000,533 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\PE Builder.lnk
[2012/06/18 12:06:14 | 003,306,678 | ---- | M] (Bart Lagerweij ) -- C:\Documents and Settings\Michael\Desktop\pebuilder3110a.exe
[2012/06/18 09:54:08 | 001,415,784 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\yorkyt.exe
[2012/06/12 20:11:46 | 091,767,744 | ---- | M] (COMODO) -- C:\Documents and Settings\Michael\Desktop\cav_installer.exe
[2012/06/12 20:06:46 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Michael\Desktop\WinsockxpFix.exe
[2012/06/12 00:03:49 | 000,459,970 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/12 00:03:49 | 000,079,458 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/11 22:16:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/11 22:14:14 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/11 22:02:56 | 000,045,056 | ---- | M] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2012/06/11 20:46:06 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/25 12:47:15 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2012/06/25 12:47:12 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/23 00:33:53 | 001,012,656 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\rkill.com
[2012/06/22 22:03:15 | 000,000,346 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Shortcut to iExplore.lnk
[2012/06/22 17:38:06 | 050,730,496 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\f4f44f.msi
[2012/06/22 10:56:48 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\bepub3wo.exe
[2012/06/18 13:35:44 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/18 13:35:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/18 13:35:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/18 13:35:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/18 13:35:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/18 12:20:07 | 000,000,533 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\PE Builder.lnk
[2012/06/18 09:59:29 | 001,415,784 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\yorkyt.exe
[2012/06/12 21:07:23 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/06/11 22:16:07 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/11 22:02:56 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2012/06/11 21:43:33 | 000,013,931 | -H-- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2012/04/20 19:46:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/14 20:53:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/26 01:44:15 | 000,028,368 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/04/04 01:16:39 | 000,001,955 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\WWB7_32.DAT
[2008/02/28 19:15:45 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/29 11:45:00 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2010/12/14 15:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2012/02/20 02:26:35 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\AVWNGIHMSE
[2012/06/11 22:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2012/06/12 21:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2007/12/29 11:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2012/06/22 17:55:37 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\e2f44e
[2007/12/29 16:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/04/04 01:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Automation
[2011/08/15 23:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/02/20 02:29:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Michael\Application Data\AV Security Essentials
[2008/02/29 04:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\InterVideo
[2008/09/27 23:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Leadertech
[2010/12/14 15:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Polycom
[2008/09/01 15:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Research In Motion

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2008/01/09 12:33:12 | 000,001,024 | ---- | M] () -- C:\.rnd
[2006/07/24 13:45:48 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/06/22 15:26:22 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2012/06/25 12:47:15 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/06/25 13:05:05 | 000,014,821 | ---- | M] () -- C:\ComboFix.txt
[2006/07/24 13:45:48 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/07/24 13:45:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/12/29 11:31:56 | 000,001,223 | -H-- | M] () -- C:\IPH.PH
[2006/07/24 13:45:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/03/15 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/04 01:22:34 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/06/27 09:42:37 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2012/06/23 00:34:52 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2008/01/06 13:58:52 | 000,857,942 | ---- | M] () -- C:\VV_Install.log

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/07/24 13:45:10 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/11/15 22:46:32 | 000,028,472 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
[2004/03/22 19:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/07/24 06:34:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/07/24 06:34:09 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/07/24 06:34:08 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/07/04 01:29:11 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/12/29 11:45:15 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/07/24 13:52:26 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/06/22 10:53:08 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\bepub3wo.exe
[2012/06/12 20:11:46 | 091,767,744 | ---- | M] (COMODO) -- C:\Documents and Settings\Michael\Desktop\cav_installer.exe
[2012/06/25 12:30:46 | 004,568,224 | R--- | M] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2012/06/22 15:23:54 | 001,374,624 | ---- | M] (ESET) -- C:\Documents and Settings\Michael\Desktop\eset_smart_security_live_installer.exe
[2012/06/22 17:23:08 | 021,054,960 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\Michael\Desktop\jre-7u5-windows-i586.exe
[2012/06/22 11:11:54 | 007,750,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael\Desktop\mbam-rules.exe
[2012/06/11 22:14:14 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/22 11:36:14 | 061,984,776 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Michael\Desktop\mpam-fe.exe
[2012/06/22 11:16:00 | 000,868,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Michael\Desktop\nis_full.exe
[2012/06/25 19:23:50 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2012/06/18 12:06:14 | 003,306,678 | ---- | M] (Bart Lagerweij ) -- C:\Documents and Settings\Michael\Desktop\pebuilder3110a.exe
[2012/06/25 12:43:24 | 004,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Michael\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2012/06/12 20:06:46 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Michael\Desktop\WinsockxpFix.exe
[2012/06/12 00:00:18 | 012,035,176 | ---- | M] (Intel(R) Corporation) -- C:\Documents and Settings\Michael\Desktop\Wireless_15.1.1_Dx32.exe
[2012/06/18 09:54:08 | 001,415,784 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\yorkyt.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2006/03/15 08:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
[2012/06/26 17:38:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/12/29 11:45:15 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Michael\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2008/09/26 17:09:06 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Michael\Cookies\desktop.ini
[2012/06/27 09:43:34 | 000,393,216 | ---- | M] () -- C:\Documents and Settings\Michael\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/27 02:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >
[2005/08/01 17:24:00 | 001,003,215 | ---- | M] () -- C:\WINDOWS\Installer\ms_office_trial.exe
[10 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 04:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 04:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 04:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 04:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 04:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 04:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 04:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
IE - HKU\S-1-5-21-2992983674-4066533863-796544119-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
O3 - HKU\S-1-5-21-2992983674-4066533863-796544119-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2992983674-4066533863-796544119-1005\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
[2012/02/20 02:26:35 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\AVWNGIHMSE
[2012/06/22 17:55:37 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\e2f44e
[2011/08/15 23:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/02/20 02:29:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Michael\Application Data\AV Security Essentials

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
HKU\S-1-5-21-2992983674-4066533863-796544119-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2992983674-4066533863-796544119-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-2992983674-4066533863-796544119-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\Documents and Settings\All Users\Application Data\AVWNGIHMSE folder moved successfully.
C:\Documents and Settings\All Users\Application Data\e2f44e\Quarantine Items folder moved successfully.
C:\Documents and Settings\All Users\Application Data\e2f44e\BackUp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\e2f44e\AVSESys folder moved successfully.
C:\Documents and Settings\All Users\Application Data\e2f44e folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
C:\Documents and Settings\Michael\Application Data\AV Security Essentials folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Michael
->Temp folder emptied: 20979 bytes
->Temporary Internet Files folder emptied: 444454 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54697696 bytes
->Google Chrome cache emptied: 856432 bytes
->Apple Safari cache emptied: 16870400 bytes
->Flash cache emptied: 470 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 384113 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65536 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 77309 bytes
RecycleBin emptied: 595968 bytes

Total Files Cleaned = 71.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: LogMeInRemoteUser

User: Michael
->Java cache emptied: 0 bytes

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: LogMeInRemoteUser

User: Michael
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 06272012_121231

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 7 Update 5
Out of date Java installed!
Adobe Flash Player (10.3.183.5) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````
 
Farbar Service Scanner Version: 25-06-2012 01
Ran by Michael (administrator) on 27-06-2012 at 12:19:50
Running from "C:\Documents and Settings\Michael\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
**** End of log ****
 
UPDATE - Hard wired worked. Assuming the wireless driver was corrupt, I uninstalled it from device manager, upon restart, it reinstalled and I am now back online! Im going to run eset online scan now.
 
Status
Not open for further replies.

Similar threads

A
Latest Windows Insider build hits the Canary Channel with Wi-Fi 7 support
Replies
0
Views
140
Alfonso Maruccia
A
Cal Jeffrey
Your outdated version of Windows Media Player 6 will still work after the Y2K38 bug ends...
Replies
6
Views
136
dangh
dangh
Daniel Sims
8BitDo pivots to PC nostalgia with C64-style mechanical keyboard and external joystick
Replies
6
Views
135
ferrellsl
F

Latest posts

Back