also @ TechSpot: Exploit allows command prompt to launch at Windows 7 login screen

TechSpot

TechSpot News Products Downloads Forums

[Inactive] :reads: Log files from Step 5 :smile: Please and thank you!

Discussion in 'Virus and Malware Removal' started by SheaReinke, Nov 10, 2011.

Page 1 of 2

SheaReinke Newcomer, in training
I am fairly techapable, but god damn old chum if I am out of my league right now with messing with my computer. I have AVG, Spybot S&D2, MS Castle Icon.. and a system optimizer that I paid for..seems to be doing things ..well.. I dunno, I don't really muck with the registry too much. I figure allot of this problem would be solved by 'the so called locking down of the system' which I assume has to do with ports.. or something? anyway :grinthumb

GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-10 12:53:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 MDT_MD400EB-00CPF0 rev.06.04G06
Running: krtcpr9m.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pwecqaow.sys

---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF7532018]
SSDT sptd.sys ZwEnumerateValueKey [0xF75323A6]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\aiylr8gy \Device\Scsi\aiylr8gy1Port2Path0Target0Lun0 899F11E8
Device \Driver\aiylr8gy \Device\Scsi\aiylr8gy1 899F11E8
Device \FileSystem\Ntfs \Ntfs 89C121E8
Device \FileSystem\Fastfat \Fat 89672430

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

mbam-log-2011-11-10

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8122

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/10/2011 2:57:49 AM
mbam-log-2011-11-10 (02-57-48).txt

Scan type: Full scan (C:\|)
Objects scanned: 301622
Time elapsed: 2 hour(s), 53 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\batfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\comfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\piffile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

& D.D.S.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Owner at 14:01:20 on 2011-11-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1469 [GMT -8:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\tmp\dn_00000420_00010379\RapportSetup-Full.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG8\avgrsx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/advanced_search?hl=en
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1317519239530
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{56805CA3-4887-45E9-BC73-0B5EBB2E421F} : DhcpNameServer = 192.168.7.254
TCP: Interfaces\{BD7DA048-8D28-4997-81AA-993AC03FE088} : DhcpNameServer = 192.168.7.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: SDWinLogon - SDWinLogon.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Quick View Plus - ShellExecute Hook: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - qvphook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\e97gqy55.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cafeworld.com/ | http://plus.google.com | http://celebrity.myspace.com
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
cmdfile=NOTEPAD.EXE %1
JSEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-11-10 06:36:54 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1035f0a-e6d8-4e9e-b691-3a76de25b50a}\mpengine.dll
2011-11-08 05:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-11-07 21:08:25 -------- d-----w- c:\documents and settings\owner\local settings\application data\FixItCenter
2011-11-07 20:29:50 -------- d-----w- c:\windows\MATS
2011-11-07 20:29:47 -------- d-----w- c:\program files\Microsoft Fix it Center
2011-11-07 20:22:51 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-11-07 20:22:51 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-11-07 20:22:41 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-11-07 20:22:41 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-11-07 20:06:09 -------- d-----w- c:\documents and settings\owner\application data\ElevatedDiagnostics
2011-11-07 19:19:41 -------- d-----w- c:\program files\VIA
2011-11-07 19:11:39 -------- d-----w- c:\program files\StartNow Toolbar
2011-11-06 00:22:28 1034240 ----a-r- c:\windows\system32\drivers\AE2500xp.sys
2011-11-06 00:21:29 88696 ----a-r- c:\windows\system32\packet.dll
2011-11-06 00:21:29 68224 ----a-r- c:\windows\system32\WanPacket.dll
2011-11-06 00:21:29 53299 ----a-r- c:\windows\system32\pthreadVC.dll
2011-11-06 00:21:29 34064 ----a-r- c:\windows\system32\drivers\npf.sys
2011-11-06 00:21:29 240248 ----a-r- c:\windows\system32\wpcap.dll
2011-11-04 22:36:42 -------- d-----w- c:\program files\Windows AIK
2011-11-04 22:25:38 -------- d-----w- C:\SpybotBootCD
2011-11-03 22:05:58 -------- d-----w- C:\ProcAlyzer Dumps
2011-11-03 19:43:50 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-11-03 19:43:22 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-11-03 19:43:10 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-11-02 15:56:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-11-02 15:56:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-11-02 15:56:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-11-02 15:56:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-11-02 15:56:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-11-02 15:56:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-11-02 15:56:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-10-26 07:05:21 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-26 07:05:21 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-10-26 07:01:29 -------- d-----w- c:\program files\iPod
2011-10-26 07:01:19 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-10-26 07:01:18 -------- d-----w- c:\program files\iTunes
2011-10-24 21:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 01:18:08 -------- d-----w- c:\program files\Cisco Systems
2011-10-23 22:13:03 335104 ----a-w- c:\windows\system\rtl8187B.sys
2011-10-23 22:13:03 -------- d-----w- c:\windows\OPTIONS
2011-10-23 22:13:00 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
2011-10-23 19:20:32 -------- d-----w- c:\windows\Performance
2011-10-23 19:20:19 -------- d-----w- c:\documents and settings\owner\local settings\application data\Microsoft Corporation
2011-10-23 19:19:07 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-10-22 21:16:36 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-10-21 08:22:01 -------- d-----w- c:\program files\MemTurbo 4
2011-10-21 07:16:50 -------- d-----w- c:\program files\Hard Disk Tune-Up
2011-10-21 06:26:55 -------- d-----w- c:\documents and settings\owner\application data\Systweak
2011-10-21 06:26:14 -------- d-----w- c:\program files\Advanced System Optimizer 3
2011-10-18 02:46:52 -------- d-----w- c:\documents and settings\owner\application data\Sammsoft
2011-10-18 02:45:05 -------- d-----w- c:\program files\ARO 2011
2011-10-18 02:36:15 -------- d-----w- c:\documents and settings\owner\local settings\application data\OpenCandy
2011-10-18 02:36:07 -------- d-----w- c:\documents and settings\owner\application data\OpenCandy
2011-10-18 02:35:56 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-10-18 02:35:30 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-10-18 02:34:52 -------- d-----w- c:\documents and settings\owner\application data\DAEMON Tools Lite
2011-10-18 02:34:20 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2011-10-17 03:46:46 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2011-10-17 03:46:28 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-17 03:46:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-17 03:46:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-17 02:20:06 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-10-17 02:17:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-17 02:10:37 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-16 02:18:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-12 04:45:27 -------- d-----w- c:\program files\C-Media
.
==================== Find3M ====================
.
2011-10-31 23:00:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 10:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 06:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 06:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 06:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 14:05:30.24 ===============

..D.D.S. is still running.. I ..didn't.. turn off the security systems for GMER and DDS
I can run it again, but they ran! :grin: I mean I have done some document guided troubleshooting before and the four redundant security packs seems to have not stopped the D.D.S. Is there a recommended Registry Optimizer? Google suggests the ARO package ..and Solarwinds products like everywhere I go ~ I try to stay logged in to get better ad targeting from my searchs..ya know. 'Whats the incognito mode for?' ~Opera Unite!

:waits:

Ok, maybe using the internet while running D.D.S. was a bad idea..turned off the power timeout feature on the desktop too.. that might have done it.. eitherway I am going to post, unplug, and msconfig ~ BRB w/EDIT.D.S. Log!
Attached Files:
- attach.txt
  
  File size:
  
  22.6 KB
  
  Views:
  
  0
SheaReinke, Nov 10, 2011

#1
Broni Malware Annihilator
Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================================================

All logs have to be pasted not attached.
Please paste Attach.txt log in your next reply.

I don't see anything malicious so far.

You're running two AV programs though, MSE and AVG.
One of them has to go.
If AVG (that would be my suggestion) use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities

Tel me more about your computer issues.
Broni, Nov 10, 2011

#2
SheaReinke Newcomer, in training

Ug, sorry forgot it said that in the five steps.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/5/2009 2:06:25 AM
System Uptime: 11/10/2011 1:56:40 PM (1 hours ago)
.
Motherboard: | | KT333CF-8235
Processor: AMD Athlon(tm) XP rrsossor | Socket A | 1794/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 10.755 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys AE2500
Device ID: USB\VID_13B1&PID_003A\000000000001
Manufacturer: Cisco Consumer Products LLC
Name: Linksys AE2500
PNP Device ID: USB\VID_13B1&PID_003A\000000000001
Service: Linksys_adapter_H
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Rhine II Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021106&REV_74\3&61AAA01&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Rhine II Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021106&REV_74\3&61AAA01&0&90
Service: FET5X86V
.
==== System Restore Points ===================
.
RP238: 10/30/2011 6:16:01 PM - ARO 2011- Before One Click
RP239: 10/30/2011 6:49:14 PM - Advanced System Optimizer
RP240: 10/30/2011 7:27:01 PM - ARO 2011- Before One Click
RP241: 10/31/2011 2:48:21 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP242: 10/31/2011 2:56:39 PM - Software Distribution Service 3.0
RP243: 10/31/2011 3:01:36 PM - ARO 2011- Before One Click
RP244: 10/31/2011 3:16:36 PM - Software Distribution Service 3.0
RP245: 10/31/2011 3:19:29 PM - Software Distribution Service 3.0
RP246: 10/31/2011 5:19:34 PM - ARO 2011- Before One Click
RP247: 11/1/2011 4:48:26 PM - ARO 2011- Before One Click
RP248: 11/1/2011 5:05:55 PM - Software Distribution Service 3.0
RP249: 11/2/2011 5:01:26 PM - Software Distribution Service 3.0
RP250: 11/3/2011 1:24:05 PM - C
RP251: 11/3/2011 2:45:53 PM - ARO 2011- Before One Click
RP252: 11/3/2011 3:03:57 PM - C
RP253: 11/4/2011 5:11:23 PM - System Checkpoint
RP254: 11/4/2011 10:47:13 PM - ARO 2011- Before One Click
RP255: 11/4/2011 11:13:21 PM - Software Distribution Service 3.0
RP256: 11/4/2011 11:19:21 PM - Advanced System Optimizer
RP257: 11/5/2011 4:10:52 PM - Removed Airlink101 USB Wireless Configuration Utility
RP258: 11/5/2011 4:17:31 PM - ARO 2011- Before One Click
RP259: 11/5/2011 11:52:39 PM - Software Distribution Service 3.0
RP260: 11/5/2011 11:56:47 PM - Advanced System Optimizer
RP261: 11/7/2011 8:34:47 AM - Software Distribution Service 3.0
RP262: 11/7/2011 9:28:29 AM - Advanced System Optimizer
RP263: 11/7/2011 11:19:35 AM - Installed Platform
RP264: 11/8/2011 7:47:36 PM - Software Distribution Service 3.0
RP265: 11/9/2011 10:15:06 PM - Software Distribution Service 3.0
RP266: 11/9/2011 10:36:44 PM - Software Distribution Service 3.0
RP267: 11/9/2011 10:44:10 PM - Advanced System Optimizer
RP268: 11/10/2011 12:41:34 PM - Installed Java(TM) 6 Update 29
RP269: 11/10/2011 2:01:32 PM - Installed Rapport
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 2.0
Adobe Reader 9.4.6
Advanced System Optimizer
Agere Systems PCI Soft Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARO 2011
AVG Free 8.5
Bonjour
Certblaster CompTIA Network+ (2009 Edition)
Cisco Connect
DAEMON Tools Lite
FileZilla Client 3.5.1
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hard Disk Tune-Up 1.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HTML-Kit
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Jing
Junk Mail filter update
LibreOffice 3.3
LSI PCI Soft Modem
Malwarebytes' Anti-Malware version 1.51.2.1300
MemTurbo 4
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fix it Center
Microsoft Interactive Training
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mozilla Firefox 7.0.1 (x86 en-US)
MSN
MSVCRT
MyPDF Maker
Notepad++
Opera 11.52
PADI Instructor Manual 2008 - English
PCI Audio Driver
Platform
Quick View Plus
QuickTime
Rapport
REALTEK RTL8187B Wireless LAN Driver
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
Spybot - Search & Destroy 2
StartNow Toolbar
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2616676)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
WebFldrs XP
Windows 7 Upgrade Advisor
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WordPerfect Office 2002 Professional
.
==== Event Viewer Messages From Past Week ========
.
11/9/2011 11:55:14 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
11/9/2011 11:55:14 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
11/9/2011 11:55:14 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
11/9/2011 10:17:52 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1506.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/9/2011 10:17:52 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1506.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/9/2011 10:17:52 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1506.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/7/2011 7:59:11 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\comctl32.dll. Reference error message: Error Message is unavailable .
11/7/2011 12:33:18 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
11/7/2011 11:31:53 AM, error: Service Control Manager [7034] - The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s).
11/6/2011 8:30:14 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RapportMgmtService service.
11/6/2011 7:28:38 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: Insufficient system resources exist to complete the requested service.
11/6/2011 7:23:09 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
11/6/2011 5:43:09 PM, error: Service Control Manager [7000] - The AVG8 E-mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/6/2011 5:43:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG8 E-mail Scanner service to connect.
11/6/2011 4:03:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Microsoft Antimalware Service service to connect.
11/6/2011 4:03:14 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/6/2011 4:02:34 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
11/6/2011 3:26:39 PM, error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/6/2011 3:26:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
11/6/2011 3:26:38 PM, error: Service Control Manager [7000] - The NWLink SPX/SPXII Protocol service failed to start due to the following error: The system cannot find the file specified.
11/6/2011 3:26:36 PM, error: Service Control Manager [7000] - The Realtek EAPPkt Protocol service failed to start due to the following error: The system cannot find the file specified.
11/5/2011 2:56:16 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/5/2011 2:56:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
11/5/2011 11:33:13 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/5/2011 11:33:10 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
11/5/2011 11:32:50 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/5/2011 11:31:52 PM, error: Service Control Manager [7000] - The Spybot-S&D 2 Updating Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/5/2011 11:31:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Updating Service service to connect.
11/4/2011 9:53:15 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1119.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
11/4/2011 9:53:15 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1119.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
11/4/2011 5:30:39 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1119.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/10/2011 12:22:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Updater Service for StartNow Toolbar service to connect.
11/10/2011 1:55:11 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
.
==== End Of File ===========================

the 'toolbarupdaterservice' occasionally starts and I kill it with the task manager. I did a google search on it and you are probably familiar with its malware status. Right now things seem to be running fairly smoothly. http://screencast.com/t/KzPp8GJz <-- screen shot of my task tray. I use JING like a fiend. Absolutely love it. Not to be a pest, but why do I want only the one? I am currently reading a prep exam book for CompTIA's NET+ cert, and understanding what is going on is a high priority for me. I am really glad I found this forum! :grinthumb

Also..what *is* the number that goes between 44 and 88 and right before 77?
I tried 66 and 76 and neither worked..wait..did I try 76!?

SheaReinke, Nov 10, 2011

#3
Broni Malware Annihilator
Did you uninstall one of your AV programs?

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:

On completion of the scan click "Save log", save it to your desktop and post in your next reply:

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Broni, Nov 10, 2011

#4
SheaReinke Newcomer, in training

76! Indeed!

Ok, well where to begin?

This machine is six years old and pretty much hasn't been turned on since 2004. I have been tasked with puttin it and five other machines into a household network. I am planning on this machine being the primary interface for daily use. Last week I wasn't barely able to connect to the internet at all, and the system was very draggy. I have been using AVG, Spybot, MSE, and a package of optimizers I got from systweak.com ~ I know everybody says the optimizers are bad, but they certainly seem to have helped get the system back into basic functioning order, and the ram defragger thing is super keen ~ I have used it like four time to unfreeze software. It seems like ( and I understand this might be coincidence ) that when a program stops responding I can run the RAM optimizer and it unfreezes the program :shrug:

Right now the system seems to be running pretty good, but stuff like 'toolbarupdaterservice' keeps popping up, and some sites like Facebook seem to be responding very very slowly. In other words ~ I think I have gotten the box to about as good as I can get it using software fixers. Also ~ I want to understand what is going on so that I can prevent this phenomena from happening to the other machines as I bring them online. None of them have seen the internet for six years either. I plan on making one of them a proxy server for added security and one is intended to be a :sigh: 'hardened' file server. In a very nontechnical conversation with the owner of the network I promised I could bring the file server online in a way that it was available to the internal network but not externally. Still trying to figure *that* out. FYI ~ My dad has a PhD in Phycology and my mom has a master's degree in Education ( fine arts ) ~ so.. feel free to get a little technical and really.. 'tell me what I am doing' the more information I can digest in this process the better!

I have been running MS Updates regularly and trying to keep everything up to date.

Point of interest ~ when I MS-Configed in an Admin account 'owner' ( from the original installation six years ago ) I got a 'do this as an admin' error. I wonder.. is this perhaps due to the redundant AV software ownership/conflict? ..or would that be something else?

SheaReinke, Nov 10, 2011

#5
SheaReinke Newcomer, in training

Oh!

I mostly use Opera and keep the Unite / Webserver application on ~ and would prefer to keep that with this machine at the very least. Hardnening the proxy server is a plan, but I don't want to lock this machine down so hard that you can't use it for fun stuff like Zynga and Opera Unite.

In a related but perhaps non-issue note - I installed a 'Microsoft Fixit Center' and was able to regain access to the sound card functionality ~ when even uninstalling and reinstalling the drivers did not seem to make any difference. The way it went was the audio wasnt working. I uninstalled and reinstalled the drivers from CNET and still not working, then I used the systweak optimizer and still nothing ..but it recommended the free fixit software. I downloaded the audio fixit suggested, and it ran ..then.. it said 'download the entire thing' and so I went to MS whatever link and downloaded the whole Fixit Center package and reran the audio component ~ viola ~ sound!

SheaReinke, Nov 10, 2011

#6
Broni Malware Annihilator

Please read my previous reply.

Broni, Nov 10, 2011

#7
SheaReinke Newcomer, in training

AVG Dismissed!

Broni said: ↑

Did you uninstall one of your AV programs?

Uhh.. no.. havn't.. decided.. :sigh::grrr: AVG - uninstalling AVG ~BRB!

SheaReinke, Nov 10, 2011

#8
SheaReinke Newcomer, in training

MBR and notes

OK, forgot to mention. One of the things that I have been using my system optimizer for. It has a 'common problems' fixxer and one of them is missing task icons. I have used that successfully maybe five times? Spybot, MSE, and odd stuff like the sound mixer icon fail to load intermittently. I run the optimizer's fixer for missing task icons, log off, and they are there again when I log back in. Here is the MBR log. I am going to msconfig (disable non-ms and startups ) and BRB.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-10 19:47:32
-----------------------------
19:47:32.437 OS Version: Windows 5.1.2600 Service Pack 3
19:47:32.437 Number of processors: 1 586 0xA00
19:47:32.437 ComputerName: OWNER-EEF7CF997 UserName: Owner
19:47:33.258 Initialize success
19:54:26.653 AVAST engine defs: 11111001
19:54:51.779 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:54:51.779 Disk 0 Vendor: MDT_MD400EB-00CPF0 06.04G06 Size: 38166MB BusType: 3
19:54:53.822 Disk 0 MBR read successfully
19:54:53.822 Disk 0 MBR scan
19:54:54.052 Disk 0 Windows XP default MBR code
19:54:54.062 Disk 0 scanning sectors +78140160
19:54:54.763 Disk 0 scanning C:\WINDOWS\system32\drivers
19:55:38.656 Service scanning
19:55:39.528 Service MpKsl4696110f c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1035F0A-E6D8-4E9E-B691-3A76DE25B50A}\MpKsl4696110f.sys **LOCKED** 32
19:55:39.978 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
19:55:40.549 Modules scanning
19:55:58.385 Disk 0 trace - called modules:
19:55:58.445 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys viaide.sys PCIIDEX.SYS
19:55:58.945 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4f3ab8]
19:55:58.955 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8a4f89e8]
19:55:58.965 5 ACPI.sys[f7498620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a517940]
19:56:00.247 AVAST engine scan C:\WINDOWS
19:56:26.465 AVAST engine scan C:\WINDOWS\system32
20:02:34.584 AVAST engine scan C:\WINDOWS\system32\drivers
20:03:23.204 AVAST engine scan C:\Documents and Settings\Owner
20:22:25.487 AVAST engine scan C:\Documents and Settings\All Users
20:27:17.377 Scan finished successfully
20:28:05.045 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\My Documents\MBR.dat"
20:28:05.075 The log file has been saved successfully to "C:\Documents and Settings\Owner\My Documents\aswMBR.txt"

SheaReinke, Nov 10, 2011

#9
Broni Malware Annihilator

Go on........

Broni, Nov 11, 2011

#10
SheaReinke Newcomer, in training

Combofix log!

ComboFix 11-11-11.01 - Owner 11/10/2011 20:50:28.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1640 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Owner\WINDOWS
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\protect\index.html
c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files\StartNow Toolbar\Resources\protect\window.css
c:\program files\StartNow Toolbar\Resources\protect\window.js
c:\program files\StartNow Toolbar\Resources\reactivate\index.html
c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.js
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\windows\AutoRun.ini
c:\windows\dasetup.log
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-11 00:23 . 2001-07-31 01:50 125440 ------w- c:\windows\system32\sx96v32.dll
2011-11-11 00:22 . 2011-11-11 00:23 -------- d-----w- c:\windows\speech
2011-11-11 00:22 . 2011-11-11 00:22 -------- d-----w- c:\program files\Dragon Systems
2011-11-10 23:04 . 2011-11-11 04:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2011-11-10 23:04 . 2011-11-10 23:04 -------- d-----r- c:\program files\Skype
2011-11-10 23:04 . 2011-11-10 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-11-10 22:02 . 2011-11-10 22:02 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Trusteer
2011-11-10 06:36 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1035F0A-E6D8-4E9E-B691-3A76DE25B50A}\mpengine.dll
2011-11-08 05:28 . 2011-11-08 05:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-11-07 21:08 . 2011-11-07 21:08 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FixItCenter
2011-11-07 20:29 . 2011-11-07 20:29 -------- d-----w- c:\windows\MATS
2011-11-07 20:29 . 2011-11-07 20:29 -------- d-----w- c:\program files\Microsoft Fix it Center
2011-11-07 20:22 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-11-07 20:22 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-11-07 20:22 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-11-07 20:22 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-11-07 20:06 . 2011-11-07 20:06 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
2011-11-07 19:19 . 2011-11-07 19:23 -------- d-----w- c:\program files\VIA
2011-11-07 19:19 . 2011-11-11 00:18 -------- d-----w- c:\program files\Common Files\InstallShield
2011-11-06 00:22 . 2011-03-30 06:22 1034240 ----a-r- c:\windows\system32\drivers\AE2500xp.sys
2011-11-05 00:30 . 2011-11-05 00:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2011-11-04 22:36 . 2011-11-06 02:45 -------- d-----w- c:\program files\Windows AIK
2011-11-04 22:25 . 2011-11-04 22:25 -------- d-----w- C:\SpybotBootCD
2011-11-03 23:06 . 2011-11-05 23:23 -------- d-----w- c:\documents and settings\Browser
2011-11-03 22:05 . 2011-11-03 22:05 -------- d-----w- C:\ProcAlyzer Dumps
2011-11-03 19:43 . 2011-11-03 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-11-03 19:43 . 2009-01-25 20:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-11-03 19:43 . 2011-11-10 07:47 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-11-02 15:56 . 2011-11-02 15:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-11-02 15:56 . 2011-11-02 15:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-11-02 15:56 . 2011-11-02 15:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-11-02 15:56 . 2011-11-02 15:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-11-02 15:56 . 2011-11-02 15:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-11-02 15:56 . 2011-11-02 15:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-11-02 15:56 . 2011-11-02 15:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-11-01 23:46 . 2011-11-01 23:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2011-10-31 23:03 . 2011-10-31 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-10-31 01:34 . 2011-10-31 01:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-10-26 07:05 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-26 07:05 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-10-26 07:01 . 2011-10-26 07:01 -------- d-----w- c:\program files\iPod
2011-10-26 07:01 . 2011-10-26 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-10-26 07:01 . 2011-10-26 07:05 -------- d-----w- c:\program files\iTunes
2011-10-26 06:59 . 2011-10-26 06:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-10-26 06:07 . 2011-10-26 06:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 01:18 . 2011-10-24 01:18 -------- d-----w- c:\program files\Cisco Systems
2011-10-23 22:13 . 2011-10-23 22:13 -------- d-----w- c:\windows\OPTIONS
2011-10-23 22:13 . 2008-06-26 13:26 335104 ----a-w- c:\windows\system\rtl8187B.sys
2011-10-23 22:13 . 2011-10-23 22:13 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
2011-10-23 19:20 . 2011-10-23 19:20 -------- d-----w- c:\windows\Performance
2011-10-23 19:20 . 2011-10-23 19:20 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Microsoft Corporation
2011-10-23 19:19 . 2011-10-23 19:19 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-10-22 21:16 . 2011-10-31 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-10-21 20:32 . 2011-10-28 05:33 -------- d-----w- c:\documents and settings\Owner\Application Data\FileZilla
2011-10-21 20:31 . 2011-10-21 20:31 -------- d-----w- c:\program files\FileZilla FTP Client
2011-10-21 08:22 . 2011-10-21 08:22 -------- d-----w- c:\program files\MemTurbo 4
2011-10-21 07:16 . 2011-10-21 07:16 -------- d-----w- c:\program files\Hard Disk Tune-Up
2011-10-21 06:26 . 2011-10-21 06:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Systweak
2011-10-21 06:26 . 2011-10-21 06:26 -------- d-----w- c:\program files\Advanced System Optimizer 3
2011-10-18 02:46 . 2011-10-21 07:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Sammsoft
2011-10-18 02:45 . 2011-10-21 05:20 -------- d-----w- c:\program files\ARO 2011
2011-10-18 02:36 . 2011-10-18 03:53 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\OpenCandy
2011-10-18 02:36 . 2011-10-18 02:39 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenCandy
2011-10-18 02:35 . 2011-10-18 02:35 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-10-18 02:35 . 2011-10-18 02:35 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-10-18 02:34 . 2011-10-18 03:57 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Lite
2011-10-18 02:34 . 2011-10-18 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2011-10-17 03:46 . 2011-10-17 03:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-10-17 03:46 . 2011-10-17 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-17 03:46 . 2011-10-17 03:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-17 03:46 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-17 02:20 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-17 02:17 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-17 02:10 . 2011-10-17 02:11 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-16 02:18 . 2011-10-16 02:18 -------- d-----w- c:\program files\Common Files\Java
2011-10-16 02:18 . 2011-10-03 13:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-31 23:00 . 2011-10-11 18:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2009-02-05 10:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 10:37 . 2009-11-27 04:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 18:41 . 2010-03-18 17:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-12 14:02 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-12 14:02 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-19 02:42 . 2011-09-19 02:42 5120 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{AFE68D65-01D4-4B1A-902D-2660BC0C503F}\IconTmpl.6CB586F0_5D86_454E_A763_2AAC2F44EA18.exe
2011-09-09 09:12 . 2004-08-12 13:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-12 14:09 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 06:05 . 2011-08-31 06:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 06:05 . 2011-08-31 06:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-22 23:48 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-12 13:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-12 13:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-12 13:57 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-12 13:55 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-29 06:53 . 2011-10-08 01:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= "qvphook.dll" [1999-01-14 41472]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 10.lnk]
backup=c:\windows\pss\CorelCENTRAL 10.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Security Essentials.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Security Essentials.lnk
backup=c:\windows\pss\Microsoft Security Essentials.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Contents.URL]
backup=c:\windows\pss\Contents.URLStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MemTurbo.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MemTurbo.lnk
backup=c:\windows\pss\MemTurbo.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-29 17:06 88363 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 08:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 14:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
2007-08-09 23:48 528384 ----a-r- c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-07-13 00:33 1581056 ----a-w- c:\windows\mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-10 01:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
2010-08-19 22:23 3069192 ----a-w- c:\program files\TechSmith\Jing\Jing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 05:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2001-10-02 06:36 77887 ----a-w- c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2011-08-04 23:18 3225504 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 17:36 19549320 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spybot-S&D Cleaning]
2011-08-04 23:17 3008408 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 21:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-23 06:23 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"szserver"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Updater Service for StartNow Toolbar"=2 (0x2)
"SeaPort"=2 (0x2)
"SDUpdateService"=2 (0x2)
"SDScannerService"=2 (0x2)
"SDHookService"=2 (0x2)
"RapportMgmtService"=2 (0x2)
"MsMpSvc"=2 (0x2)
"MatSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Hard Disk Tune-Up"=2 (0x2)
"gusvc"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate1ca2eb039d50a60"=2 (0x2)
"fsssvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"bepldr"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"AgereModemAudio"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Corel\\WordPerfect Office 2002\\Register\\NAVBrowser.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Chami\\HTML-Kit\\Bin\\HTMLKit.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [11/7/2011 9:28 PM 56208]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [11/7/2011 9:30 PM 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [11/7/2011 9:28 PM 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/7/2011 9:28 PM 164112]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [11/3/2011 11:43 AM 38504]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [11/7/2011 9:28 PM 931640]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [11/5/2011 4:22 PM 1034240]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [11/7/2011 9:30 PM 21520]
R3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2/4/2009 5:54 PM 166720]
S1 MpKslb27ba595;MpKslb27ba595;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E14880A5-C765-487F-BEF6-AA08FC1245B3}\MpKslb27ba595.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E14880A5-C765-487F-BEF6-AA08FC1245B3}\MpKslb27ba595.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys --> c:\windows\system32\DRIVERS\RTL8187B.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/12/2004 6:06 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [11/14/2006 10:34 AM 147456]
S4 gupdate1ca2eb039d50a60;Google Update Service (gupdate1ca2eb039d50a60);c:\program files\Google\Update\GoogleUpdate.exe [9/5/2009 9:09 PM 133104]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/5/2009 9:09 PM 133104]
S4 Hard Disk Tune-Up;Hard Disk Tune-Up;c:\program files\Hard Disk Tune-Up\HDTuneUpSrv.exe [10/20/2011 11:16 PM 441344]
S4 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S4 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [11/3/2011 11:43 AM 130976]
S4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [11/3/2011 11:43 AM 1082800]
S4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [11/3/2011 11:43 AM 1149864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-10-21 c:\windows\Tasks\ASO-AutoCheckUpdate7Days.job
- c:\program files\Advanced System Optimizer 3\CheckUpdate.exe [2011-10-21 23:38]
.
2011-11-09 c:\windows\Tasks\ASO-Driver Updater.job
- c:\program files\Advanced System Optimizer 3\DriverUpdater.exe [2011-10-21 23:36]
.
2011-11-08 c:\windows\Tasks\ASO-OneClickCare.job
- c:\program files\Advanced System Optimizer 3\ASO3.exe [2011-10-21 23:37]
.
2011-11-11 c:\windows\Tasks\ASO-SystemCleaner.job
- c:\program files\Advanced System Optimizer 3\SystemCleaner.exe [2011-10-21 23:37]
.
2011-11-11 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2011-11-03 23:18]
.
2011-11-11 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 06:09]
.
2011-11-11 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 06:09]
.
2011-11-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-23 06:38]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-06 05:09]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-06 05:09]
.
2011-11-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
2011-11-11 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2011-11-03 23:17]
.
2011-11-11 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2011-11-03 23:17]
.
2011-11-11 c:\windows\Tasks\User_Feed_Synchronization-{7C615A86-7B59-4AAC-A917-A03BE9834C2F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
2011-11-11 c:\windows\Tasks\User_Feed_Synchronization-{8F5D7231-C4FB-4BA7-816B-740CD767992A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/advanced_search?hl=en
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.7.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e97gqy55.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cafeworld.com/ | http://plus.google.com | http://celebrity.myspace.com
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Notify-avgrsstarter - avgrsstx.dll
Notify-SDWinLogon - SDWinLogon.dll
Notify-TPSvc - TPSvc.dll
MSConfigStartUp-StartNowToolbarHelper - c:\program files\StartNow Toolbar\ToolbarHelper.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-10 21:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2052111302-1682526488-854245398-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3784)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\windows\system32\WindowsPowerShell\v1.0\pwrshsip.dll
c:\progra~1\MICROS~2\Office10\MCPS.DLL
c:\program files\Microsoft Silverlight\xapauthenticodesip.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\mspaint.exe
.
**************************************************************************
.
Completion time: 2011-11-10 21:13:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-11 05:12
.
Pre-Run: 11,271,135,232 bytes free
Post-Run: 11,783,122,944 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - A690CDECE5C838AF01F50F09DC357E20

Hell yeah - this thing tanked explorer twice but I noticed it deleted that bastard toolbarupdater :smirk: Oh! msconfiging I got that error again.
http://screencast.com/t/DoGGvwjOb

OK, what next? Any comments on the data presented? Anything I should be looking at specifically? Quick question :smirk: I keep asking questions you keep answering? Like....... '19:55:58.385 Disk 0 trace - called modules:' wuzzat mean?

SheaReinke, Nov 11, 2011

#11
SheaReinke Newcomer, in training

Wait..did I install Avast or did I dload the database MBR needed to use?
http://screencast.com/t/eRr9bm0bx
No Avast listed on the Add/Rem

SheaReinke, Nov 11, 2011

#12
SheaReinke Newcomer, in training

The other problem

This is really why I feel like simply running the scans and such ain't sufficient. I opened up Opera and the browser stalled while loading the page no less than ten times. It loaded the page partially and I could see it, but the progress/elements bar stalled at like about 70 or 80 elements or so. Took ten or so page reloads to get Opera to say 'done' ... makes me concerned ... ya know?

SheaReinke, Nov 11, 2011

#13
Broni Malware Annihilator
Uninstall Advanced System Optimizer 3
Registry cleaners/optimizers are not recommended for several reasons:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

Ed Bott's Webog: Why I don't use registry cleaners

Do I need a Registry Cleaner?

===================================================================

Combofix log looks good.

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Broni, Nov 11, 2011

#14
SheaReinke Newcomer, in training
Well that was epc annoying, OTL

Something needs fixing..the system froze solid four times and lost track of the Wireless stick ( USB ). The Log,

OTL logfile created on: 11/11/2011 10:28:22 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Test\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 80.93% Memory free
2.23 Gb Paging File | 1.99 Gb Available in Paging File | 89.23% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 11.77 Gb Free Space | 31.60% Space Free | Partition Type: NTFS

Computer Name: OWNER-EEF7CF997 | User Name: Test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 22:16:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Test\Desktop\OTL.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/08/04 15:17:58 | 003,148,200 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
PRC - [2011/08/04 15:17:34 | 003,219,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/07 21:30:22 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/28 13:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/07/26 10:56:16 | 000,576,512 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2011/04/20 11:39:12 | 000,565,827 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/08/04 15:17:18 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Disabled | Stopped] -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)
SRV - [2011/08/04 15:17:04 | 001,149,864 | ---- | M] (Safer-Networking Ltd.) [Disabled | Stopped] -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
SRV - [2011/08/04 15:16:58 | 001,082,800 | ---- | M] (Safer-Networking Ltd.) [Disabled | Stopped] -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/03/27 21:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/25 13:01:30 | 000,441,344 | ---- | M] (Sammsoft) [Disabled | Stopped] -- C:\Program Files\Hard Disk Tune-Up\HDTuneUpSrv.exe -- (Hard Disk Tune-Up)
SRV - [2006/11/14 10:34:06 | 000,147,456 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe -- (bepldr)

========== Driver Services (SafeList) ==========

DRV - [2011/11/07 21:30:22 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2011/11/07 21:30:20 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/10/17 18:35:58 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/08/04 15:17:08 | 000,038,504 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys -- (SDHookDriver)
DRV - [2011/03/29 22:22:30 | 001,034,240 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AE2500xp.sys -- (Linksys_adapter_H)
DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/11 04:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/08/13 14:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/04/13 10:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 10:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/06/27 14:42:00 | 000,207,488 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2004/08/12 06:02:46 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/12 06:02:46 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002/07/16 10:58:12 | 000,379,726 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001/08/17 04:50:34 | 000,166,720 | ---- | M] (S3 Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3m.sys -- (s3m)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 21 EE DA 55 7E CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/02 07:56:54 | 000,000,000 | ---D | M]

[2011/11/10 12:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/15 18:18:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/10 12:42:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/28 22:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 16:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/10 21:03:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DgnWebIE) - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll (Dragon Systems)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1317519239530 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56805CA3-4887-45E9-BC73-0B5EBB2E421F}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BF40466-8D5C-40BB-A5EE-BBC0B7FA4B8A}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD7DA048-8D28-4997-81AA-993AC03FE088}: DhcpNameServer = 192.168.7.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll ()
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/05 02:03:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\Shell - "" = AutoRun
O33 - MountPoints2\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\Shell\AutoRun\command - "" = F:\WIN\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/11 10:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Test\Desktop\Unused Desktop Shortcuts
[2011/11/11 10:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Test\Local Settings\Application Data\Apple Computer
[2011/11/11 10:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Test\Application Data\Apple Computer
[2011/11/11 10:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Test\Local Settings\Application Data\Trusteer
[2011/11/10 22:16:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Test\Desktop\OTL.exe
[2011/11/10 21:13:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/10 20:47:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/10 20:44:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/10 20:44:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/10 20:44:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/10 20:44:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/10 20:44:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/10 20:43:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/10 16:23:45 | 000,125,440 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\sx96v32.dll
[2011/11/10 16:22:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech
[2011/11/10 16:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\Dragon Systems
[2011/11/10 15:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/11/10 15:04:11 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/11/10 15:04:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/11/10 12:42:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/11/10 12:42:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/11/10 12:42:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/11/07 21:28:38 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/11/07 12:29:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2011/11/07 12:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2011/11/07 12:22:51 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/11/07 12:22:41 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2011/11/07 11:19:41 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
[2011/11/07 11:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/11/05 16:22:28 | 001,034,240 | R--- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\AE2500xp.sys
[2011/11/04 16:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2011/11/04 14:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows AIK
[2011/11/04 14:25:38 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
[2011/11/03 14:05:58 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2011/11/03 11:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/11/03 11:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2011/11/03 11:43:22 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2011/11/03 11:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2011/11/01 15:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2011/10/31 15:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/10/30 17:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/10/25 23:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/10/25 23:05:21 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/10/25 23:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/25 23:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/25 23:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/25 22:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/10/25 22:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/10/24 13:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2011/10/24 13:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2011/10/23 17:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2011/10/23 14:13:03 | 000,335,104 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System\rtl8187B.sys
[2011/10/23 14:13:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2011/10/23 14:13:00 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK RTL8187B Wireless LAN Driver
[2011/10/23 11:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2011/10/23 11:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2011/10/22 13:16:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/10/21 12:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
[2011/10/21 12:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011/10/21 00:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MemTurbo
[2011/10/21 00:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\MemTurbo 4
[2011/10/20 23:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hard Disk Tune-Up
[2011/10/20 23:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\Hard Disk Tune-Up
[2011/10/20 22:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced System Optimizer 3
[2011/10/20 22:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Optimizer 3
[2011/10/17 18:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2011
[2011/10/17 18:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[2011/10/17 18:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite
[2011/10/17 18:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/10/17 18:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/10/16 19:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/16 19:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/16 19:46:23 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/16 19:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/16 18:17:58 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/10/16 18:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/10/15 18:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/10/15 18:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/15 18:18:15 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/11 10:28:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7C615A86-7B59-4AAC-A917-A03BE9834C2F}.job
[2011/11/11 10:27:18 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2011/11/11 10:26:33 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/11/11 10:26:19 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2011/11/11 10:26:18 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/11 10:26:17 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/11/11 10:26:16 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/11/11 10:25:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/11 10:25:41 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/11 10:20:25 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Test\Desktop\Shortcut to &Run....lnk
[2011/11/11 10:20:22 | 000,497,546 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\working3.PNG
[2011/11/11 10:19:31 | 000,521,322 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\working2.PNG
[2011/11/11 10:19:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/11/11 10:17:46 | 000,520,587 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\working.PNG
[2011/11/11 10:14:04 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/11 10:13:53 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8F5D7231-C4FB-4BA7-816B-740CD767992A}.job
[2011/11/11 10:02:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/11 09:55:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/10 22:16:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Test\Desktop\OTL.exe
[2011/11/10 21:03:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/10 20:41:11 | 000,000,239 | ---- | M] () -- C:\Boot.bak
[2011/11/10 20:32:01 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2011/11/10 19:34:53 | 000,012,692 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/10 16:30:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\audio.INI
[2011/11/10 16:28:03 | 000,000,219 | ---- | M] () -- C:\WINDOWS\dgnsetup.ini
[2011/11/10 16:27:59 | 000,000,668 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
[2011/11/10 15:13:43 | 000,060,686 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\shea01.png
[2011/11/10 14:55:46 | 022,478,848 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\SkypeSetup.msi
[2011/11/10 14:25:13 | 000,501,936 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/10 14:25:13 | 000,086,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/09 23:47:31 | 000,000,217 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/11/08 23:07:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/11/07 12:29:53 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix*it Center.lnk
[2011/11/07 11:09:19 | 000,000,025 | ---- | M] () -- C:\WINDOWS\mixerdef.ini
[2011/10/31 15:00:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/29 21:05:07 | 000,000,793 | ---- | M] () -- C:\WINDOWS\lrun32.ini
[2011/10/24 13:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2011/10/24 13:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2011/10/23 13:32:39 | 000,012,634 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/10/16 18:11:30 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/11 10:20:25 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Test\Desktop\Shortcut to &Run....lnk
[2011/11/11 10:20:22 | 000,497,546 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\working3.PNG
[2011/11/11 10:19:30 | 000,521,322 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\working2.PNG
[2011/11/11 10:17:45 | 000,520,587 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\working.PNG
[2011/11/10 20:47:41 | 000,000,239 | ---- | C] () -- C:\Boot.bak
[2011/11/10 20:47:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/10 20:44:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/10 20:44:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/10 20:44:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/10 20:44:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/10 20:44:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/10 16:30:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\audio.INI
[2011/11/10 16:24:10 | 000,000,668 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/11/10 16:24:08 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Dragon NaturallySpeaking.lnk
[2011/11/10 16:18:27 | 000,000,219 | ---- | C] () -- C:\WINDOWS\dgnsetup.ini
[2011/11/10 15:13:43 | 000,060,686 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\shea01.png
[2011/11/10 14:49:50 | 022,478,848 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\SkypeSetup.msi
[2011/11/07 12:32:49 | 000,000,580 | -H-- | C] () -- C:\WINDOWS\tasks\DataUpload.job
[2011/11/07 12:32:48 | 000,000,616 | -H-- | C] () -- C:\WINDOWS\tasks\ConfigExec.job
[2011/11/07 12:29:53 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk
[2011/11/07 12:29:53 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix*it Center.lnk
[2011/11/07 11:23:14 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vinyl Deck.lnk
[2011/11/03 12:21:55 | 000,000,217 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/11/03 11:44:06 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/11/03 11:44:03 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/11/03 11:44:00 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/11/03 11:43:37 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2011/10/23 17:18:42 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Cisco Connect.lnk
[2011/10/23 11:19:12 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011/10/20 19:13:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/16 18:16:15 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/16 18:11:30 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/10/11 20:45:28 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2011/10/11 13:02:44 | 000,032,044 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/06 17:37:48 | 000,000,793 | ---- | C] () -- C:\WINDOWS\lrun32.ini
[2011/09/29 19:21:48 | 000,339,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/28 17:31:12 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2009/10/10 18:14:36 | 000,000,173 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2009/08/24 17:23:55 | 000,007,658 | ---- | C] () -- C:\WINDOWS\extend.dat
[2009/04/27 21:09:38 | 000,041,472 | ---- | C] () -- C:\WINDOWS\qvphook.dll
[2009/04/27 20:54:38 | 000,000,895 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/16 14:26:07 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2009/02/05 02:06:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/05 02:00:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/04 17:52:21 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/02/04 17:49:29 | 000,172,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/09/17 17:37:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/12 06:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 06:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 06:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 06:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 06:03:20 | 000,501,936 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 06:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 06:03:19 | 000,086,418 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 06:02:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 05:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 05:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 05:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 05:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/11/19 15:46:20 | 000,036,924 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2002/11/19 15:43:38 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
[1996/11/16 23:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1996/11/16 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/16 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/16 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

< End of report >

I paid for my optimizer stuff and it has a few tools I want to use, but I will recognize the strength of your suggestion and refrain from using it wontonly. I have not used it during this process as requested. One of the things about buying the package is you get a phone number to call should you get to that point - ya know?

The entire process log of getting the OTL Log,

I downloaded the OTL and ran it with exceptions from the desktop.
The system froze. OTL was on line '%systemroot%\System32\config\*.sav'
Reboot
I get a DOS recovery console I have never seen before. I choose normal.
I loggin to an Alt-Admin account that I created sometime ago (1)
I cannot activate the run command from the start menu.
Windows prompts to create a shortcut to run on the desktop.
I can't run the shortcut to run from the desktop.
I use win-r and MS Config ( Disable Non-MS Services and All Startups )
I get this error using MSConfig http://screencast.com/t/DoGGvwjOb (2)
Recovery Console - I choose normal.
In the Alt-Admin I test the run shortcuts. All three work.
I run OTL. Completes.
I open the Control Panel to get to the error log ( curious )
Windows firewall pops up and I have to unblock explorer.exe ( !? )
I look through the last two weeks of errors.
I MS Config back to normal and get the error again. (2)
Recovery Console - I choose normal.
I open up Opera and almost past the OTL Log and Extras file here, but
System Freezes. Reboot, Recovery Console, I choose normal.
Log into Alt-Admin Account.
I MS Config ( Disable non-ms and all startups ) error (2)
Log into Alt-Admin and I run OTL with the correct exceptions.
I MS Config back to normal and get the error again (2)
Primary User comes up without the Wireless USB, or any AV software. (3)
I choose to Switch User to the Alt-Admin and the system freezes.
Reboot. Recovery Council, I choose normal.
Logged into Alt-Admin and Wireless USB does not load, MSE does.
Checked Add Hardware tool on the control panel.
Add Hardware wizard says that a piece of hardware is being installed try later.
Checked the Device Manager and it seems to be refreshing continually.
I MS Config with the normal option and get the error. (2)
Recovery Console, I choose normal.
I log into the Primary User and there is no sound, spybot, or internet.
MSE loaded.
Check Add Hardware wizard - same 'installing'
Check Device Manager - same 'bouncing'
Shut down.
Unplug Wireless USB and USB Microphone.
Restart, Recovery Console, I choose normal.
Check Device Manager - not bouncing.
Check Add Hardware wizard - it is now acting normal.
Close control panels and plug in Wireless USB.
System Freeze.
Restart and everything seems to come up fine. (4)
I launch Task Manager, shrink it.
I Launch Opera and take the final jingshot.
Attach the extras and second extended OTL log, and Post!

(4)
http://screencast.com/t/Tlsi403z42Yi[/IMG]
(3)
http://screencast.com/t/ilY1Vo8L[/IMG]
(2)
http://screencast.com/t/DoGGvwjOb[/IMG]
(1) I created it to test the freezing problem. I thought the freezing problem had gone away after I got the optimizer, but now it seems to be back.
Attached Files:
- OTL2.Txt
  
  File size:
  
  90 KB
  
  Views:
  
  0
- Extras.Txt
  
  File size:
  
  36.9 KB
  
  Views:
  
  0
SheaReinke, Nov 11, 2011

#15
Broni Malware Annihilator
Please observe forum rules.
All logs have to be PASTED not attached.

What happened to Microsoft Security Essentials?
I don't see any AV program running.

====================================================================

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found O33 - MountPoints2\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\Shell - "" = AutoRun O33 - MountPoints2\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\Shell\AutoRun\command - "" = F:\WIN\setup.exe [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] :Commands [purity] [emptytemp] [emptyflash] [Reboot]

Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.

=============================================================

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, click on List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.
Broni, Nov 11, 2011

#16
SheaReinke Newcomer, in training

I MS Configed and turned everything off. Do you want me to redo the OTL without MS Configing or do you want me to continue with the next steps?

SheaReinke, Nov 12, 2011

#17
Broni Malware Annihilator

I did NOT ask you to make any changes in "msconfig".
"msconfig" is NOT a startup control tool and under normal circumstances there is no reason to play with it.
"msconfig" is strictly for troubleshooting purposes.

My instructions clearly stated at the very beginning not to make any changes to your computer except for those prescribed by me.

Broni, Nov 12, 2011

#18
SheaReinke Newcomer, in training

Sorry, I endeavor to improve. What would you like me to do next?

SheaReinke, Nov 12, 2011

#19
Broni Malware Annihilator

Reverse any changes you made and proceed with my reply #16, starting with answering my question:

What happened to Microsoft Security Essentials?
I don't see any AV program running.

Broni, Nov 12, 2011

#20

(You must log in or sign up to reply here.)

Page 1 of 2

TechSpot | Technology News and Analysis
Copyright © 1998-2012, TechSpot, Inc.
Forum software by XenForo™
TechSpot is a registered trademark
All Rights Reserved