TechSpot

Have downloaded Malware but virus is blocking access to it

Solved
By gill12
Feb 26, 2011
  1. gill12

    gill12 TS Rookie Topic Starter Posts: 44

    I don't have Folder Options on my Windows Explorer.
     
  2. gill12

    gill12 TS Rookie Topic Starter Posts: 44

    I have now found it!
     
  3. gill12

    gill12 TS Rookie Topic Starter Posts: 44

    I uploaded that file but nothing happens, the programme doesn't acknowledge it. Also my Windows Folder has about 300 contaminated files in, mostly with uninstall in the name.
     
  4. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Says who?
     
  5. gill12

    gill12 TS Rookie Topic Starter Posts: 44

    Me, I can see them. They all have dollar signs in the name and I can't open them, same as my word files.
     
  6. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Those are Windows updates uninstallation files.
    Leave them alone.

    Proceed with SystemLook.
     
  7. gill12

    gill12 TS Rookie Topic Starter Posts: 44

    SystemLook won't run. It says sript required.
     
  8. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Did you paste a script from my reply #25?
    Please, pay attention.
     
  9. gill12

    gill12 TS Rookie Topic Starter Posts: 44

    sorry, its 4.30am in London and i'm a bit tired.
    Here is the log.

    SystemLook 04.09.10 by jpshortstuff
    Log created at 04:35 on 08/03/2011 by Owner
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "kernel32.dll"
    C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll --a---- 985088 bytes [00:32 13/02/2008] [10:57 05/07/2006] 0FDD84928A5DDE2510761B7EC76CCEC9
    C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll --a---- 986112 bytes [17:28 12/02/2008] [16:07 16/04/2007] 09F7CB3687F86EDAA4CA081F7AB66C03
    C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll --a---- 991744 bytes [13:59 21/03/2009] [13:59 21/03/2009] DA11D9D6ECBDF0F93436A4B7C13F7BEC
    C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll -----c- 984576 bytes [10:28 21/09/2008] [15:52 16/04/2007] A01F9CA902A88F7CED06884174D6419D
    C:\WINDOWS\$NtUninstallKB917422$\kernel32.dll -----c- 983552 bytes [00:32 13/02/2008] [12:00 04/08/2004] 888190E31455FAD793312F8D087146EB
    C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll -----c- 984064 bytes [19:16 13/02/2008] [10:55 05/07/2006] D8DB5397DE07577C1CB50BA6D23B3AD4
    C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll -----c- 989696 bytes [02:08 16/04/2009] [00:11 14/04/2008] C24B983D211C34DA8FCC1AC38477971D
    C:\WINDOWS\ERDNT\cache\kernel32.dll --a---- 989696 bytes [15:08 07/03/2011] [14:06 21/03/2009] B921FB870C9AC0D509B2CCABBBBE95F3
    C:\WINDOWS\ServicePackFiles\i386\kernel32.dll ------- 989696 bytes [09:14 17/09/2008] [00:11 14/04/2008] C24B983D211C34DA8FCC1AC38477971D
    C:\WINDOWS\system32\kernel32.dll --a---- 989696 bytes [12:00 04/08/2004] [14:06 21/03/2009] B921FB870C9AC0D509B2CCABBBBE95F3

    -= EOF =-
     
  10. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Download BlitzBlank and save it to your desktop.
    Double click on Blitzblank.exe

    • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
    • Click the Script tab and copy/paste the following text there:
    Code:
    CopyFile:
    C:\WINDOWS\ServicePackFiles\i386\kernel32.dll C:\WINDOWS\system32\kernel32.dll
    C:\WINDOWS\ServicePackFiles\i386\kernel32.dll C:\WINDOWS\ERDNT\cache\kernel32.dll
    

    • Click Execute Now. Your computer will need to reboot in order to replace the files.
    • When done, post the report created by Blitzblank.
      You can find it in the root of the drive, normally C:\
     
  11. gill12

    gill12 TS Rookie Topic Starter Posts: 44

    Hi, here is Blitzbank report.

    BlitzBlank 1.0.0.32

    File/Registry Modification Engine native application
    CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\kernel32.dll", destinationFile = "\??\c:\windows\system32\kernel32.dll"CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\kernel32.dll", destinationFile = "\??\c:\windows\erdnt\cache\kernel32.dll"
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Good.
    Re-run Combofix and post new log.
     
  13. gill12

    gill12 TS Rookie Topic Starter Posts: 44

    Here is new log from safe mode:


    ComboFix 11-03-08.03 - Administrator 09/03/2011 2:21.11.2 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1015.820 [GMT 0:00]
    Running from: c:\documents and settings\All Users\Desktop\gill12ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\SystemLook.exe
    c:\program files\Quicktime\QTTask.exe
    .
    -- Previous Run --
    .
    c:\windows\system32\kernel32.dll . . . is infected!!
    .
    --------
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-09 to 2011-03-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-07 22:53 . 2011-03-07 22:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
    2011-03-07 22:50 . 2011-01-10 14:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-03-07 22:50 . 2011-01-10 14:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-07 22:50 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-03-07 22:50 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-03-07 22:49 . 2011-03-07 22:49 -------- d-----w- c:\program files\Avira
    2011-03-07 22:49 . 2011-03-07 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-02-28 23:53 . 2011-03-01 00:12 -------- d-----w- C:\Temp
    2011-02-27 00:46 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-27 00:46 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-27 00:01 . 2011-02-27 00:01 -------- d-----w- c:\program files\ESET
    2011-02-26 16:03 . 2011-02-28 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\gMpOpOg06300
    2011-02-16 18:43 . 2011-02-16 18:43 -------- d-----w- c:\program files\MyFree Codec
    2011-02-16 18:31 . 2011-02-17 14:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Samsung
    2011-02-16 17:38 . 2011-01-29 17:00 4659712 ----a-w- c:\windows\system32\Redemption.dll
    2011-02-16 17:33 . 2011-02-16 17:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
    2011-02-16 17:22 . 2011-02-16 17:24 87340080 ----a-w- c:\program files\Kies_2.0.0.11014_49_2.exe
    2011-02-16 16:21 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll.new
    2011-02-16 16:20 . 2011-02-16 16:21 -------- d-----w- C:\e3e73489e9a60c045b91ecda
    2011-02-16 16:00 . 2011-02-16 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
    2011-02-16 16:00 . 2011-02-16 16:00 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Suite
    2011-02-16 15:47 . 2009-09-19 05:30 100224 ----a-w- c:\windows\system32\drivers\ss_bserd.sys
    2011-02-16 15:47 . 2009-09-19 05:30 14848 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys
    2011-02-16 15:47 . 2009-09-19 05:30 12416 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys
    2011-02-16 15:47 . 2009-09-19 05:30 123648 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys
    2011-02-16 15:47 . 2009-09-19 05:30 98432 ----a-w- c:\windows\system32\drivers\ss_bbus.sys
    2011-02-16 15:47 . 2009-09-19 05:30 12288 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys
    2011-02-16 15:46 . 2011-02-16 15:46 -------- d-----w- c:\program files\DIFX
    2011-02-16 15:46 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-29 17:00 . 2011-01-29 17:00 90112 ----a-w- c:\windows\MAMCityDownload.ocx
    2011-01-29 17:00 . 2011-01-29 17:00 325552 ----a-w- c:\windows\MASetupCaller.dll
    2011-01-29 17:00 . 2011-01-29 17:00 30568 ----a-w- c:\windows\MusiccityDownload.exe
    2011-01-29 17:00 . 2011-01-29 17:00 143360 ----a-w- c:\windows\system32\3DAudio.ax
    2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-09 15:15 . 2004-08-04 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:42 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-03-07_15.24.07 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-03-07 22:50 . 2010-06-17 14:27 28520 c:\windows\system32\drivers\ssmdrv.sys
    + 2004-08-04 12:00 . 2011-03-08 11:22 989696 c:\windows\system32\kernel32.dll
    - 2004-08-04 12:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-10-29 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-10-29 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-10-29 118784]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
    "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-05 30208]
    "TPSMain"="TPSMain.exe" [2006-03-21 299008]
    "TPSODDCtl"="TPSODDCtl.exe" [2006-03-21 102400]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-02 198160]
    "IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-09-23 36864]
    "OneTouch Monitor"="c:\program files\Xerox One Touch\OneTouchMon.exe" [2003-06-12 86016]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2008-2-13 155648]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-05-05 17:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [22/12/2009 02:31 95568]
    S2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [05/05/2006 18:00 13568]
    S2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [05/05/2006 17:59 33024]
    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [08/09/2010 01:30 217088]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/01/2010 21:08 135664]
    S2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [05/05/2006 17:33 3456]
    S3 AIDA32Driver;AIDA32Driver;\??\d:\3942\aida32.sys --> d:\3942\aida32.sys [?]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [22/12/2009 02:31 18136]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [08/09/2010 01:30 36640]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [16/02/2011 15:47 98432]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [16/02/2011 15:47 14848]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [16/02/2011 15:47 123648]
    S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [16/02/2011 15:47 100224]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
    .
    2011-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 21:07]
    .
    2011-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 21:07]
    .
    2011-03-09 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]
    .
    2011-03-09 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-03-26 22:18]
    .
    .
    ------- Supplementary Scan -------
    .
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pjolj68m.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKLM-Run-QuickTime Task - c:\program files\QuickTime\qttask.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-09 02:31
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-842925246-1450960922-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,8f,3a,42,d6,9a,0a,4b,b5,bb,a2,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,8f,3a,42,d6,9a,0a,4b,b5,bb,a2,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(240)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\program files\Protector Suite QL\homefus2.dll
    c:\windows\system32\biologon.dll
    c:\program files\Protector Suite QL\homepass.dll
    c:\program files\Protector Suite QL\bio.dll
    c:\program files\Protector Suite QL\remote.dll
    .
    Completion time: 2011-03-09 02:34:59
    ComboFix-quarantined-files.txt 2011-03-09 02:34
    .
    Pre-Run: 58,133,942,272 bytes free
    Post-Run: 58,137,649,152 bytes free
    .
    - - End Of File - - EE032F796C6594DFA527E7E3C2DC1D19
     
  14. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Please, re-run SystemLook with the very same script as in my reply #25
     
  15. gill12

    gill12 TS Rookie Topic Starter Posts: 44

    SystemLook 04.09.10 by jpshortstuff
    Log created at 06:46 on 09/03/2011 by Owner
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "kernel32.dll"
    C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll --a---- 985088 bytes [00:32 13/02/2008] [10:57 05/07/2006] 0FDD84928A5DDE2510761B7EC76CCEC9
    C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll --a---- 986112 bytes [17:28 12/02/2008] [16:07 16/04/2007] 09F7CB3687F86EDAA4CA081F7AB66C03
    C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll --a---- 991744 bytes [13:59 21/03/2009] [13:59 21/03/2009] DA11D9D6ECBDF0F93436A4B7C13F7BEC
    C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll -----c- 984576 bytes [10:28 21/09/2008] [15:52 16/04/2007] A01F9CA902A88F7CED06884174D6419D
    C:\WINDOWS\$NtUninstallKB917422$\kernel32.dll -----c- 983552 bytes [00:32 13/02/2008] [12:00 04/08/2004] 888190E31455FAD793312F8D087146EB
    C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll -----c- 984064 bytes [19:16 13/02/2008] [10:55 05/07/2006] D8DB5397DE07577C1CB50BA6D23B3AD4
    C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll -----c- 989696 bytes [02:08 16/04/2009] [00:11 14/04/2008] C24B983D211C34DA8FCC1AC38477971D
    C:\WINDOWS\ERDNT\cache\kernel32.dll --a---- 989696 bytes [15:08 07/03/2011] [11:22 08/03/2011] C24B983D211C34DA8FCC1AC38477971D
    C:\WINDOWS\ServicePackFiles\i386\kernel32.dll ------- 989696 bytes [09:14 17/09/2008] [00:11 14/04/2008] C24B983D211C34DA8FCC1AC38477971D
    C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\kernel32.dll --a---- 989696 bytes [14:06 21/03/2009] [14:06 21/03/2009] B921FB870C9AC0D509B2CCABBBBE95F3
    C:\WINDOWS\system32\kernel32.dll --a---- 989696 bytes [12:00 04/08/2004] [14:06 21/03/2009] B921FB870C9AC0D509B2CCABBBBE95F3
    C:\WINDOWS\system32\dllcache\kernel32.dll -----c- 989696 bytes [14:06 21/03/2009] [14:06 21/03/2009] B921FB870C9AC0D509B2CCABBBBE95F3

    -= EOF =-
     
  16. gill12

    gill12 TS Rookie Topic Starter Posts: 44

    Hi, I've noticed that two of my folders, Owners Documents and Shared Documents, have moved outside Local Disk C and straight onto the computer.
     
  17. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    That file replacement didn't work for whatever reason.

    Restart computer
    When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
    You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.

    (If you find this hard to do then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. OK Then reboot.)

    You must enter which Windows installation to log onto. Type 1 and press enter.

    It will then prompt you for the Administrator's password. If there is no password, simply press Enter.

    You should get a black screen with a C:\>Windows prompt.

    [​IMG]


    Type the bolded text below:

    copy C:\WINDOWS\ServicePackFiles\i386\kernel32.dll C:\WINDOWS\system32\kernel32.dll (<---- watch for "spaces")

    Press Enter.

    (If it asks you if you are sure then say "Y".)

    Reboot computer.

    Post new SystemLook log.
     
  18. gill12

    gill12 TS Rookie Topic Starter Posts: 44

    Hi,
    this is latest systems log.

    SystemLook 04.09.10 by jpshortstuff
    Log created at 22:34 on 09/03/2011 by Owner
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "kernel32.dll"
    C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll --a---- 985088 bytes [00:32 13/02/2008] [10:57 05/07/2006] 0FDD84928A5DDE2510761B7EC76CCEC9
    C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll --a---- 986112 bytes [17:28 12/02/2008] [16:07 16/04/2007] 09F7CB3687F86EDAA4CA081F7AB66C03
    C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll --a---- 991744 bytes [13:59 21/03/2009] [13:59 21/03/2009] DA11D9D6ECBDF0F93436A4B7C13F7BEC
    C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll -----c- 984576 bytes [10:28 21/09/2008] [15:52 16/04/2007] A01F9CA902A88F7CED06884174D6419D
    C:\WINDOWS\$NtUninstallKB917422$\kernel32.dll -----c- 983552 bytes [00:32 13/02/2008] [12:00 04/08/2004] 888190E31455FAD793312F8D087146EB
    C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll -----c- 984064 bytes [19:16 13/02/2008] [10:55 05/07/2006] D8DB5397DE07577C1CB50BA6D23B3AD4
    C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll -----c- 989696 bytes [02:08 16/04/2009] [00:11 14/04/2008] C24B983D211C34DA8FCC1AC38477971D
    C:\WINDOWS\ERDNT\cache\kernel32.dll --a---- 989696 bytes [15:08 07/03/2011] [11:22 08/03/2011] C24B983D211C34DA8FCC1AC38477971D
    C:\WINDOWS\ServicePackFiles\i386\kernel32.dll ------- 989696 bytes [09:14 17/09/2008] [00:11 14/04/2008] C24B983D211C34DA8FCC1AC38477971D
    C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\kernel32.dll --a---- 989696 bytes [14:06 21/03/2009] [14:06 21/03/2009] B921FB870C9AC0D509B2CCABBBBE95F3
    C:\WINDOWS\system32\kernel32.dll --a---- 989696 bytes [09:14 17/09/2008] [00:11 14/04/2008] C24B983D211C34DA8FCC1AC38477971D
    C:\WINDOWS\system32\dllcache\kernel32.dll -----c- 989696 bytes [14:06 21/03/2009] [14:06 21/03/2009] B921FB870C9AC0D509B2CCABBBBE95F3

    -= EOF =-
     
  19. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    That looks better.

    Re-run Combofix and post fresh log.
     
  20. gill12

    gill12 TS Rookie Topic Starter Posts: 44

    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1015.605 [GMT 0:00]
    Running from: C:\Documents and Settings\All Users\Desktop\gill12ComboFix.exe


    ((((((((((((((((((((((((( Files Created from 2011-02-09 to 2011-03-09 )))))))))))))))))))))))))))))))


    2011-03-07 22:53:01 . 2011-03-07 22:53:01 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Avira
    2011-03-07 22:50:02 . 2011-01-10 14:23:53 61960 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
    2011-03-07 22:50:02 . 2011-01-10 14:23:53 135096 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
    2011-03-07 22:50:02 . 2010-06-17 14:27:24 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys
    2011-03-07 22:50:02 . 2010-06-17 14:27:24 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys
    2011-03-07 22:49:49 . 2011-03-07 22:49:49 -------- d-----w- C:\Program Files\Avira
    2011-03-07 22:49:49 . 2011-03-07 22:49:49 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Avira
    2011-02-28 23:53:23 . 2011-03-01 00:12:19 -------- d-----w- C:\Temp
    2011-02-27 00:46:43 . 2010-12-20 18:09:00 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2011-02-27 00:46:39 . 2010-12-20 18:08:40 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
    2011-02-27 00:01:39 . 2011-02-27 00:01:39 -------- d-----w- C:\Program Files\ESET
    2011-02-26 16:03:06 . 2011-02-28 18:28:50 -------- d-----w- C:\Documents and Settings\All Users\Application Data\gMpOpOg06300
    2011-02-16 18:43:35 . 2011-02-16 18:43:35 -------- d-----w- C:\Program Files\MyFree Codec
    2011-02-16 18:31:05 . 2011-02-17 14:42:46 -------- d-----w- C:\Documents and Settings\Owner\Local Settings\Application Data\Samsung
    2011-02-16 17:38:36 . 2011-01-29 17:00:44 4659712 ----a-w- C:\WINDOWS\system32\Redemption.dll
    2011-02-16 17:33:17 . 2011-02-16 17:33:17 -------- d-----w- C:\Documents and Settings\Owner\Local Settings\Application Data\Downloaded Installations
    2011-02-16 17:22:39 . 2011-02-16 17:24:28 87340080 ----a-w- C:\Program Files\Kies_2.0.0.11014_49_2.exe
    2011-02-16 16:21:30 . 2008-07-06 12:06:10 89088 ----a-w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll.new
    2011-02-16 16:20:25 . 2011-02-16 16:21:41 -------- d-----w- C:\e3e73489e9a60c045b91ecda
    2011-02-16 16:00:03 . 2011-02-16 16:00:03 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Suite
    2011-02-16 16:00:00 . 2011-02-16 16:00:00 -------- d-----w- C:\Documents and Settings\Owner\Application Data\PC Suite
    2011-02-16 15:47:54 . 2009-09-19 05:30:10 100224 ----a-w- C:\WINDOWS\system32\drivers\ss_bserd.sys
    2011-02-16 15:47:53 . 2009-09-19 05:30:10 14848 ----a-w- C:\WINDOWS\system32\drivers\ss_bmdfl.sys
    2011-02-16 15:47:53 . 2009-09-19 05:30:10 12416 ----a-w- C:\WINDOWS\system32\drivers\ss_bcmnt.sys
    2011-02-16 15:47:53 . 2009-09-19 05:30:10 123648 ----a-w- C:\WINDOWS\system32\drivers\ss_bmdm.sys
    2011-02-16 15:47:51 . 2009-09-19 05:30:10 98432 ----a-w- C:\WINDOWS\system32\drivers\ss_bbus.sys
    2011-02-16 15:47:51 . 2009-09-19 05:30:10 12288 ----a-w- C:\WINDOWS\system32\drivers\ss_bwhnt.sys
    2011-02-16 15:46:27 . 2011-02-16 15:46:27 -------- d-----w- C:\Program Files\DIFX
    2011-02-16 15:46:24 . 2008-08-26 09:26:12 18816 ----a-w- C:\WINDOWS\system32\drivers\pccsmcfd.sys


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2011-01-29 17:00:24 . 2011-01-29 17:00:24 90112 ----a-w- C:\WINDOWS\MAMCityDownload.ocx
    2011-01-29 17:00:24 . 2011-01-29 17:00:24 325552 ----a-w- C:\WINDOWS\MASetupCaller.dll
    2011-01-29 17:00:24 . 2011-01-29 17:00:24 30568 ----a-w- C:\WINDOWS\MusiccityDownload.exe
    2011-01-29 17:00:22 . 2011-01-29 17:00:22 143360 ----a-w- C:\WINDOWS\system32\3DAudio.ax
    2011-01-21 14:44:37 . 2004-08-04 12:00:00 439296 ----a-w- C:\WINDOWS\system32\shimgvw.dll
    2011-01-07 14:09:02 . 2004-08-04 12:00:00 290048 ----a-w- C:\WINDOWS\system32\atmfd.dll
    2010-12-31 13:10:33 . 2004-08-04 12:00:00 1854976 ----a-w- C:\WINDOWS\system32\win32k.sys
    2010-12-22 12:34:28 . 2004-08-04 12:00:00 301568 ----a-w- C:\WINDOWS\system32\kerberos.dll
    2010-12-20 23:59:20 . 2004-08-04 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
    2010-12-20 23:59:19 . 2004-08-04 12:00:00 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
    2010-12-20 23:59:19 . 2004-08-04 12:00:00 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
    2010-12-20 17:26:00 . 2004-08-04 12:00:00 730112 ----a-w- C:\WINDOWS\system32\lsasrv.dll
    2010-12-20 12:55:26 . 2004-08-04 12:00:00 385024 ----a-w- C:\WINDOWS\system32\html.iec


    ((((((((((((((((((((((((((((( SnapShot@2011-03-07_15.24.07 )))))))))))))))))))))))))))))))))))))))))

    + 2011-03-09 22:30:14 . 2011-03-09 22:30:14 16384 C:\WINDOWS\temp\Perflib_Perfdata_650.dat
    + 2011-03-07 22:50:05 . 2010-06-17 14:27:22 28520 C:\WINDOWS\system32\drivers\ssmdrv.sys
    + 2008-09-17 09:14:54 . 2008-04-14 00:11:56 989696 C:\WINDOWS\system32\kernel32.dll
    - 2004-08-04 12:00:00 . 2009-03-21 14:06:58 989696 C:\WINDOWS\system32\kernel32.dll
    + 2009-03-21 14:06:58 . 2009-03-21 14:06:58 989696 C:\WINDOWS\system32\dllcache\kernel32.dll

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 16:44:34 3883856]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-17 13:20:19 68856]
    "HUAWEI 3G Data Card MTS"="C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe" [BU]
    "Search Protection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [BU]
    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [BU]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2010-05-13 16:57:20 26192168]
    "KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe" [2011-01-29 23:11:32 888120]
    "KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" [2011-01-29 23:11:36 3372856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-29 15:11:46 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-29 15:11:44 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-29 15:11:50 118784]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 20:11:06 925696]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 18:29:08 88203]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50:42 155648]
    "PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2006-05-05 17:36:28 30208]
    "TPSMain"="TPSMain.exe" [2006-03-21 14:40:12 299008]
    "TPSODDCtl"="TPSODDCtl.exe" [2006-03-21 14:40:14 102400]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24:46 32768]
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 09:43:48 57344]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2010-02-02 15:29:20 198160]
    "IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-09-23 08:50:26 36864]
    "OneTouch Monitor"="C:\Program Files\Xerox One Touch\OneTouchMon.exe" [2003-06-12 15:14:00 86016]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-11-17 20:59:04 421160]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 09:15:10 40368]
    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 18:37:40 932288]
    "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 14:23:29 281768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2008-2-13 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-05-05 17:48:24 40448 ----a-w- C:\WINDOWS\system32\psqlpwd.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "C:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R2 dgdersvc;Device Error Recovery Service;C:\WINDOWS\system32\dgdersvc.exe [22/12/2009 02:31:02 95568]
    R2 FdRedir;FdRedir;C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [05/05/2006 18:00:02 13568]
    R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [05/05/2006 17:59:52 33024]
    R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [08/09/2010 01:30:47 217088]
    R2 smihlp;SMI helper driver;C:\Program Files\Protector Suite QL\smihlp.sys [05/05/2006 17:33:04 3456]
    R3 dgderdrv;dgderdrv;C:\WINDOWS\system32\drivers\dgderdrv.sys [22/12/2009 02:31:02 18136]
    R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [08/09/2010 01:30:48 36640]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [28/01/2010 21:08:54 135664]
    S3 AIDA32Driver;AIDA32Driver;\??\D:\3942\aida32.sys --> D:\3942\aida32.sys [?]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [16/02/2011 15:47:51 98432]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [16/02/2011 15:47:53 14848]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [16/02/2011 15:47:53 123648]
    S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;C:\WINDOWS\system32\drivers\ss_bserd.sys [16/02/2011 15:47:54 100224]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - FSUSBEXDISK

    Contents of the 'Scheduled Tasks' folder

    2011-02-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50:20 . 2009-10-22 10:50:20]

    2011-03-09 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-28 21:08:54 . 2010-01-28 21:07:32]

    2011-03-09 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-28 21:08:54 . 2010-01-28 21:07:32]

    2011-03-09 C:\WINDOWS\Tasks\OGALogon.job
    - C:\WINDOWS\system32\OGAEXEC.exe [2009-08-03 15:07:42 . 2009-08-03 15:07:42]

    2011-03-09 C:\WINDOWS\Tasks\WGASetup.job
    - C:\WINDOWS\system32\KB905474\wgasetup.exe [2009-03-26 07:23:17 . 2009-03-10 22:18:08]


    ------- Supplementary Scan -------

    uStart Page = hxxp://google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    FF - ProfilePath - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lhydjfig.default\
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Java Quick Starter: jqs@sun.com - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
     
  21. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Very good :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    kernel32.dll
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  22. gill12

    gill12 TS Rookie Topic Starter Posts: 44

    OTL

    Hi, computer is working ok but I do seem to have a lot of dead-looking folders and files in several places. They are duller in colour than my other files and not accessible.

    Thank you very much for so much help.

    Here is OTL Txt

    OTL logfile created on: 10/03/2011 11:50:10 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\All Users\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,015.00 Mb Total Physical Memory | 609.00 Mb Available Physical Memory | 60.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 53.99 Gb Free Space | 72.45% Space Free | Partition Type: NTFS

    Computer Name: OWNER-D61B4598E | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/10 10:07:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
    PRC - [2009/12/22 02:31:26 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
    PRC - [2009/12/22 02:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\system32\dgdersvc.exe
    PRC - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    PRC - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/09/19 08:52:04 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    PRC - [2008/06/03 08:02:34 | 000,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    PRC - [2006/05/05 17:39:54 | 000,046,592 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
    PRC - [2004/08/28 12:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/10 10:07:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
    MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2009/12/22 02:31:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2009/12/22 02:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\dgdersvc.exe -- (dgdersvc)
    SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2004/08/28 12:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/01/10 14:23:53 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/01/10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2010/05/31 19:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/02/17 15:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/02/17 15:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2010/02/17 15:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/02/17 15:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/12/22 02:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2009/12/22 02:31:02 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
    DRV - [2009/12/07 11:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2009/12/07 11:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2009/09/19 05:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
    DRV - [2009/09/19 05:30:10 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bserd.sys -- (ss_bserd)
    DRV - [2009/09/19 05:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
    DRV - [2009/09/19 05:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
    DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2007/04/24 19:36:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
    DRV - [2007/04/24 13:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
    DRV - [2007/03/01 16:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
    DRV - [2007/01/22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
    DRV - [2006/11/20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
    DRV - [2006/10/29 15:12:18 | 001,428,480 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2006/10/23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2006/10/10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
    DRV - [2006/05/05 18:00:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
    DRV - [2006/05/05 17:59:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
    DRV - [2006/05/05 17:33:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
    DRV - [2005/11/30 22:12:36 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2005/11/15 21:00:22 | 001,122,656 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2005/08/01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV - [2005/06/02 15:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
    DRV - [2005/01/06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
    DRV - [2003/08/21 14:56:36 | 000,025,520 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/...s/*http://uk.docs.yahoo.com/info/bt_side.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522



    IE - HKU\S-1-5-21-842925246-1450960922-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-842925246-1450960922-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-842925246-1450960922-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    IE - HKU\S-1-5-21-842925246-1450960922-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-842925246-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-842925246-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/06 21:36:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/06 21:41:08 | 000,000,000 | ---D | M]

    [2009/08/20 07:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2011/03/09 21:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lhydjfig.default\extensions
    [2010/08/24 20:32:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lhydjfig.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/01/17 13:27:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lhydjfig.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009/06/02 08:34:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lhydjfig.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2008/10/21 18:05:34 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lhydjfig.default\extensions\moveplayer@movenetworks.com
    [2011/03/09 21:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2008/04/17 16:42:39 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009/03/28 18:18:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/02/02 15:30:24 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
    [2009/07/17 19:21:00 | 003,883,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

    O1 HOSTS File: ([2011/03/09 02:31:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
    O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Xerox One Touch\OneTouchMon.exe (Visioneer Inc)
    O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
    O4 - HKU\S-1-5-21-842925246-1450960922-725345543-1003..\Run: [HUAWEI 3G Data Card MTS] File not found
    O4 - HKU\S-1-5-21-842925246-1450960922-725345543-1003..\Run: [ISUSPM] File not found
    O4 - HKU\S-1-5-21-842925246-1450960922-725345543-1003..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
    O4 - HKU\S-1-5-21-842925246-1450960922-725345543-1003..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKU\S-1-5-21-842925246-1450960922-725345543-1003..\Run: [Search Protection] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-842925246-1450960922-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-842925246-1450960922-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-842925246-1450960922-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-842925246-1450960922-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/02/12 11:57:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/10 10:07:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
    [2011/03/10 10:06:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2011/03/09 23:20:29 | 000,000,000 | ---D | C] -- C:\gill12ComboFix
    [2011/03/09 22:30:04 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Owner\My Documents\My Safe
    [2011/03/09 02:35:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/03/08 11:13:04 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Documents and Settings\Owner\Desktop\BlitzBlank.exe
    [2011/03/07 22:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
    [2011/03/07 22:50:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2011/03/07 22:50:02 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/03/07 22:50:02 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2011/03/07 22:50:02 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2011/03/07 22:50:02 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2011/03/07 22:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/03/07 22:49:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2011/03/04 14:30:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/03/04 14:18:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/03/04 14:18:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/03/04 14:18:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/03/04 14:18:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/03/04 14:17:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/03/04 10:49:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/03 09:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\AntiVirus
    [2011/02/28 23:53:23 | 000,000,000 | ---D | C] -- C:\Temp
    [2011/02/28 21:06:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2011/02/28 18:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2011/02/27 00:46:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/02/27 00:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/02/27 00:46:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/02/27 00:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/02/26 16:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gMpOpOg06300
    [2011/02/16 18:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MyFree Codec
    [2011/02/16 18:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec
    [2011/02/16 18:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\SelfMV
    [2011/02/16 18:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Samsung
    [2011/02/16 18:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Samsung
    [2011/02/16 17:38:36 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
    [2011/02/16 17:35:10 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/02/16 17:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Downloaded Installations
    [2011/02/16 17:22:39 | 087,340,080 | ---- | C] (Samsung Electronics Co., Ltd. ) -- C:\Program Files\Kies_2.0.0.11014_49_2.exe
    [2011/02/16 16:20:25 | 000,000,000 | ---D | C] -- C:\e3e73489e9a60c045b91ecda
    [2011/02/16 16:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2011/02/16 16:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PC Suite
    [2011/02/16 15:47:54 | 000,100,224 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bserd.sys
    [2011/02/16 15:47:53 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdm.sys
    [2011/02/16 15:47:53 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdfl.sys
    [2011/02/16 15:47:53 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcmnt.sys
    [2011/02/16 15:47:51 | 000,098,432 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_bbus.sys
    [2011/02/16 15:47:51 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwhnt.sys
    [2011/02/16 15:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2011/02/16 15:46:24 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
    [2011/02/16 13:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Samsung
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/03/10 11:35:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/03/10 10:35:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/10 10:24:35 | 000,000,402 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI
    [2011/03/10 10:07:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/03/10 10:07:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
    [2011/03/09 23:30:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/03/09 23:30:24 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2011/03/09 23:30:15 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2011/03/09 23:30:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/03/09 23:19:55 | 004,284,284 | R--- | M] () -- C:\Documents and Settings\All Users\Desktop\gill12ComboFix.exe
    [2011/03/09 06:43:05 | 000,000,432 | ---- | M] () -- C:\Shortcut to Shared Documents.lnk
    [2011/03/09 06:42:40 | 000,000,441 | ---- | M] () -- C:\Shortcut (2) to My Documents.lnk
    [2011/03/09 06:42:33 | 000,000,441 | ---- | M] () -- C:\Shortcut to My Documents.lnk
    [2011/03/09 02:31:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/03/08 23:00:38 | 049,788,256 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en(2).exe
    [2011/03/08 19:12:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/03/08 11:12:28 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Documents and Settings\Owner\Desktop\BlitzBlank.exe
    [2011/03/08 04:31:59 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SystemLook.exe
    [2011/03/04 14:30:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/02/27 01:53:31 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
    [2011/02/16 18:40:40 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/02/16 18:30:28 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk
    [2011/02/16 18:30:08 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
    [2011/02/16 18:19:18 | 040,257,852 | ---- | M] () -- C:\Program Files\GT-S5230_S5600 samsung.zip
    [2011/02/16 18:12:43 | 002,560,248 | ---- | M] () -- C:\Program Files\samsung kies.zip
    [2011/02/16 17:48:56 | 000,137,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/02/16 17:24:28 | 087,340,080 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Program Files\Kies_2.0.0.11014_49_2.exe
    [2011/02/16 16:19:48 | 000,433,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/02/16 16:19:48 | 000,067,960 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/02/16 15:40:26 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
    [2011/02/15 17:43:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/02/09 13:53:52 | 000,270,848 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sbe.dll
    [2011/02/09 13:53:52 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\dllcache\encdec.dll
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/03/09 06:43:05 | 000,000,432 | ---- | C] () -- C:\Shortcut to Shared Documents.lnk
    [2011/03/09 06:42:40 | 000,000,441 | ---- | C] () -- C:\Shortcut (2) to My Documents.lnk
    [2011/03/09 06:42:33 | 000,000,441 | ---- | C] () -- C:\Shortcut to My Documents.lnk
    [2011/03/08 22:58:28 | 049,788,256 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en(2).exe
    [2011/03/08 19:12:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/03/08 04:31:58 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SystemLook.exe
    [2011/03/07 14:24:43 | 004,284,284 | R--- | C] () -- C:\Documents and Settings\All Users\Desktop\gill12ComboFix.exe
    [2011/03/04 14:30:45 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/03/04 14:30:40 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/03/04 14:18:35 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/03/04 14:18:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/03/04 14:18:35 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/03/04 14:18:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/03/04 14:18:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/02/26 23:26:41 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
    [2011/02/16 18:30:28 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk
    [2011/02/16 18:30:08 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
    [2011/02/16 18:13:53 | 040,257,852 | ---- | C] () -- C:\Program Files\GT-S5230_S5600 samsung.zip
    [2011/02/16 18:12:37 | 002,560,248 | ---- | C] () -- C:\Program Files\samsung kies.zip
    [2011/02/16 16:22:14 | 000,875,872 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/02/09 13:53:52 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
    [2011/02/09 13:53:52 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
    [2011/01/29 17:00:24 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
    [2010/10/17 17:40:57 | 000,023,168 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/09/08 01:30:48 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
    [2010/09/08 01:30:48 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
    [2010/09/08 01:30:13 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
    [2010/07/05 13:23:25 | 000,000,214 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2010/06/09 11:11:39 | 000,000,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2010/06/09 11:08:49 | 000,270,336 | ---- | C] () -- C:\WINDOWS\IHelper.exe
    [2010/06/09 11:08:49 | 000,000,663 | ---- | C] () -- C:\WINDOWS\fe.INI
    [2010/02/02 15:36:10 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/12/15 17:38:53 | 000,000,049 | ---- | C] () -- C:\WINDOWS\bsm.ini
    [2009/11/09 02:08:10 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
    [2009/11/09 02:08:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
    [2009/11/09 02:08:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
    [2009/11/09 02:08:10 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
    [2009/10/06 07:16:00 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/08/26 01:12:20 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/20 07:27:32 | 000,001,174 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/06/03 14:21:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
    [2009/06/03 14:21:36 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
    [2009/06/03 14:21:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
    [2009/06/03 14:21:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
    [2009/06/03 14:21:08 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
    [2009/06/03 14:12:39 | 000,000,402 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
    [2009/02/27 20:39:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2009/02/20 09:47:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2008/10/17 09:26:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
    [2008/04/17 16:42:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/04/08 14:35:40 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
    [2008/02/12 23:31:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
    [2008/02/12 22:31:45 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2008/02/12 22:31:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2008/02/12 22:31:45 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2008/02/12 22:31:45 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2008/02/12 15:58:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/02/12 12:00:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/02/12 11:54:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/02/12 11:45:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/02/12 11:43:52 | 000,137,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/12/05 13:05:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
    [2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
    [2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 12:00:00 | 000,433,004 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 12:00:00 | 000,067,960 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/07/21 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/07/21 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/08/09 12:15:16 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
    [2002/01/08 15:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
    [1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

    ========== LOP Check ==========

    [2008/03/18 10:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bryxen Software
    [2010/07/30 19:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2008/03/29 15:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
    [2011/02/28 18:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gMpOpOg06300
    [2008/05/22 12:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
    [2008/05/25 20:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    [2011/02/16 16:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2010/08/24 06:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2011/02/16 18:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
    [2010/06/09 11:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2010/08/25 22:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/01/23 20:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2010/01/03 14:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
    [2010/05/13 21:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CoffeeCup Software
    [2009/12/02 13:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.oprah.ODreamBoard.534ED44D9AE279FF29AC813DD8537A397131794F.1
    [2008/11/02 07:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eBookPro6
    [2010/06/13 12:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Facebook
    [2008/03/29 15:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GlobalSCAPE
    [2008/06/21 12:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Good Keywords v2
    [2008/02/22 18:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ieSpell
    [2010/11/21 00:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NoteTab Light
    [2010/07/28 17:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nvu
    [2011/02/16 16:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
    [2008/02/13 14:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Protector Suite
    [2010/08/24 06:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
    [2011/02/16 18:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Samsung
    [2008/06/01 18:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Software Defender
    [2008/04/08 14:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Toshiba
    [2011/03/09 23:30:15 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
    [2011/03/09 23:30:24 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    CONTINUED IN NEXT MESSAGE:
     
  23. gill12

    gill12 TS Rookie Topic Starter Posts: 44

    < %SYSTEMDRIVE%\*.* >
    [2011/02/16 15:40:26 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
    [2008/02/12 11:57:34 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/03/08 11:22:18 | 000,000,726 | ---- | M] () -- C:\blitzblank.log
    [2010/08/11 11:30:15 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/03/04 14:30:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2008/08/18 14:14:30 | 000,005,953 | R--- | M] () -- C:\CLDMA.LOG
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2008/02/12 11:57:34 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2011/02/27 01:53:31 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
    [2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2008/07/01 08:46:18 | 000,002,147 | ---- | M] () -- C:\header-img.php
    [2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2009/12/04 20:57:11 | 000,000,201 | ---- | M] () -- C:\InstallHelper.log
    [2008/02/12 11:57:34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/08/10 23:49:44 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.46.exe
    [2008/02/12 11:57:34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/21 10:40:55 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/03/09 23:30:07 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2011/03/07 15:40:09 | 000,000,310 | ---- | M] () -- C:\rkill.log
    [2011/03/09 06:42:40 | 000,000,441 | ---- | M] () -- C:\Shortcut (2) to My Documents.lnk
    [2011/03/09 06:42:33 | 000,000,441 | ---- | M] () -- C:\Shortcut to My Documents.lnk
    [2011/03/09 06:43:05 | 000,000,432 | ---- | M] () -- C:\Shortcut to Shared Documents.lnk
    [2008/07/15 04:13:00 | 000,003,095 | ---- | M] () -- C:\sitemap.php
    [2008/02/13 14:14:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2008/03/14 14:53:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2008/03/15 01:48:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2008/07/10 23:13:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2008/08/10 02:20:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2008/08/10 03:38:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2008/08/10 21:49:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2008/10/01 19:19:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2008/10/02 09:07:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2008/02/13 14:14:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2008/03/14 14:53:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2008/03/15 01:48:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2008/07/10 23:13:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2008/08/10 02:20:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2008/08/10 03:38:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2008/08/10 21:49:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2008/10/01 19:19:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2008/10/02 09:07:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2008/08/24 14:09:09 | 000,000,146 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/02/12 11:57:10 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll.new
    [2003/07/29 08:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBKPP5C.DLL
    [2004/02/26 07:58:34 | 000,080,896 | ---- | M] (Lexmark International) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBZPP5C.DLL
    [2002/01/08 14:51:00 | 000,047,616 | ---- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\ppbiPr.dll
    [2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2008/02/14 10:22:21 | 000,001,618 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2011/02/16 18:19:18 | 040,257,852 | ---- | M] () -- C:\Program Files\GT-S5230_S5600 samsung.zip
    [2011/02/16 17:24:28 | 087,340,080 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Program Files\Kies_2.0.0.11014_49_2.exe
    [2011/02/16 18:12:43 | 002,560,248 | ---- | M] () -- C:\Program Files\samsung kies.zip

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/02/12 11:43:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/02/12 11:43:01 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/02/12 11:43:01 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/21 10:51:49 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/02/12 12:11:14 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2008/02/12 12:11:13 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/03/08 23:00:38 | 049,788,256 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en(2).exe
    [2011/03/08 11:12:28 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Documents and Settings\Owner\Desktop\BlitzBlank.exe
    [2011/03/08 04:31:59 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SystemLook.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >
    [2002/08/23 14:06:10 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\Usbscan.sys

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/02/12 12:11:13 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2008/05/31 11:59:49 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Owner\Cookies\desktop.ini
    [2011/03/09 23:33:09 | 000,425,984 | ---- | M] () -- C:\Documents and Settings\Owner\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 00:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 14:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 17:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 00:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 18:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 18:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 18:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/02 18:07:27 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/02 18:04:01 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-10 10:10:06


    < End of report >
     
  24. gill12

    gill12 TS Rookie Topic Starter Posts: 44

    EXTRAS.TXT LOG


    OTL Extras logfile created on: 10/03/2011 11:50:10 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\All Users\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,015.00 Mb Total Physical Memory | 609.00 Mb Available Physical Memory | 60.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 53.99 Gb Free Space | 72.45% Space Free | Partition Type: NTFS

    Computer Name: OWNER-D61B4598E | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-842925246-1450960922-725345543-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22002
    "4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
    "4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
    "4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
    "4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
    "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
    "{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2CFE4799-CB85-456C-AABE-9BA2D02D81DB}" = Sky Broadband
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
    "{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}" = Sky Broadband Browser Branding
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6435C3A4-A53D-4794-B1AC-8BA45C3D0FAB}" = eBook Pro Business Edition
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{737629F4-4111-4FD4-9071-29873B7C6426}" = Protector Suite 5.4
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{811D077C-657D-16E4-DF0A-E1E835F0731B}" = O Dream Board
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
    "{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.8
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
    "com.oprah.ODreamBoard.534ED44D9AE279FF29AC813DD8537A397131794F.1" = O Dream Board
    "Directory Submitter_is1" = Directory Submitter 1.0.24
    "DRM7Tool" = Personal License Update Wizard for Windows Media Player
    "FXCM Trading Station" = FXCM Trading Station
    "Good Keywords v2.01_is1" = Good Keywords v2.01.100107
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "ieSpell" = ieSpell
    "InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "Keyword Cloud Generator_is1" = Keyword Cloud Generator 1.0.20
    "Lexmark 510 Series" = Lexmark 510 Series
    "Lexmark X1100 Series" = Lexmark X1100 Series
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Messenger Plus! Live" = Messenger Plus! Live
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MRW!UninstallKey" = Ahead InCD EasyWrite Reader
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "Nero - Burning Rom!UninstallKey" = Ahead Nero OEM
    "NeroVision!UninstallKey" = Ahead NeroVision Express
    "Niche Store Writer" = Niche Store Writer 1.0
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NoteTab Light 6_is1" = NoteTab Light 6 (Remove only)
    "PCFriendly" = PCFriendly
    "Power Saver" = TOSHIBA Power Saver
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RealPlayer 12.0" = RealPlayer
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "web'n'walk USB manager" = web'n'walk USB manager
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xerox One Touch" = Xerox One Touch
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-842925246-1450960922-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "MyFreeCodec" = MyFreeCodec

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 08/03/2011 18:29:20 | Computer Name = OWNER-D61B4598E | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2000

    Error - 08/03/2011 19:34:31 | Computer Name = OWNER-D61B4598E | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 08/03/2011 19:34:31 | Computer Name = OWNER-D61B4598E | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1953

    Error - 08/03/2011 19:34:31 | Computer Name = OWNER-D61B4598E | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1953

    Error - 08/03/2011 19:34:33 | Computer Name = OWNER-D61B4598E | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 08/03/2011 19:34:33 | Computer Name = OWNER-D61B4598E | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3906

    Error - 08/03/2011 19:34:33 | Computer Name = OWNER-D61B4598E | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3906

    Error - 08/03/2011 19:34:35 | Computer Name = OWNER-D61B4598E | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 08/03/2011 19:34:35 | Computer Name = OWNER-D61B4598E | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5906

    Error - 08/03/2011 19:34:35 | Computer Name = OWNER-D61B4598E | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5906

    [ System Events ]
    Error - 08/03/2011 22:19:44 | Computer Name = OWNER-D61B4598E | Source = Service Control Manager | ID = 7001
    Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
    service which failed to start because of the following error: %%31

    Error - 08/03/2011 22:19:44 | Computer Name = OWNER-D61B4598E | Source = Service Control Manager | ID = 7001
    Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
    service which failed to start because of the following error: %%31

    Error - 08/03/2011 22:19:44 | Computer Name = OWNER-D61B4598E | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 08/03/2011 22:19:44 | Computer Name = OWNER-D61B4598E | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AFD avgio avipbb Fips intelppm IPSec mfehidk MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip Tosrfcom

    Error - 08/03/2011 22:35:09 | Computer Name = OWNER-D61B4598E | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 08/03/2011 22:37:40 | Computer Name = OWNER-D61B4598E | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 09/03/2011 02:38:52 | Computer Name = OWNER-D61B4598E | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.2 for the Network Card with network
    address 001302CCCF4D has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 09/03/2011 04:39:10 | Computer Name = OWNER-D61B4598E | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.2 for the Network Card with network
    address 001302CCCF4D has been denied by the DHCP server 82.113.68.58 (The DHCP Server
    sent a DHCPNACK message).

    Error - 09/03/2011 04:39:13 | Computer Name = OWNER-D61B4598E | Source = Dhcp | ID = 1001
    Description = Your computer was not assigned an address from the network (by the
    DHCP Server) for the Network Card with network address 001302CCCF4D. The following
    error occurred: %%1223. Your computer will continue to try and obtain an address
    on its own from the network address (DHCP) server.

    Error - 10/03/2011 06:06:11 | Computer Name = OWNER-D61B4598E | Source = DCOM | ID = 10010
    Description = The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register
    with DCOM within the required timeout.


    < End of report >
     
  25. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Good news :)
    Leave those folders/files alone. Those are so called junctions. You need them.

    You need to reinstall your AV program.

    =========================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
      IE - HKU\S-1-5-21-842925246-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
      O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
      O4 - HKLM..\Run: [KernelFaultCheck] File not found
      O4 - HKU\S-1-5-21-842925246-1450960922-725345543-1003..\Run: [HUAWEI 3G Data Card MTS] File not found
      O4 - HKU\S-1-5-21-842925246-1450960922-725345543-1003..\Run: [ISUSPM] File not found
      O4 - HKU\S-1-5-21-842925246-1450960922-725345543-1003..\Run: [Search Protection] File not found
      O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.