TechSpot

:reads: Log files from Step 5 :smile: Please and thank you!

By SheaReinke
Nov 10, 2011
  1. :confused: I am fairly tech-capable, but god damn, old chum, if I am out of my league right now with messing with my computer. I have AVG, Spybot S&D 2, MS Castle Icon... and a system optimizer that I paid for... seems to be doing things... well... I dunno, I don't really muck with the registry too much. I figure a lot of this problem would be solved by 'the so-called locking down of the system', which I assume has to do with ports... :confused: or something? Anyway :grinthumb

    GMER

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-11-10 12:53:16
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 MDT_MD400EB-00CPF0 rev.06.04G06
    Running: krtcpr9m.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pwecqaow.sys


    ---- System - GMER 1.0.15 ----

    SSDT sptd.sys ZwEnumerateKey [0xF7532018]
    SSDT sptd.sys ZwEnumerateValueKey [0xF75323A6]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\aiylr8gy \Device\Scsi\aiylr8gy1Port2Path0Target0Lun0 899F11E8
    Device \Driver\aiylr8gy \Device\Scsi\aiylr8gy1 899F11E8
    Device \FileSystem\Ntfs \Ntfs 89C121E8
    Device \FileSystem\Fastfat \Fat 89672430

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----

    mbam-log-2011-11-10

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8122

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/10/2011 2:57:49 AM
    mbam-log-2011-11-10 (02-57-48).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 301622
    Time elapsed: 2 hour(s), 53 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\batfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\comfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\piffile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    & D.D.S.

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by Owner at 14:01:20 on 2011-11-10
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1469 [GMT -8:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\tmp\dn_00000420_00010379\RapportSetup-Full.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\AVG\AVG8\avgrsx.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/advanced_search?hl=en
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: windowsupdate.com\download
    DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1317519239530
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{56805CA3-4887-45E9-BC73-0B5EBB2E421F} : DhcpNameServer = 192.168.7.254
    TCP: Interfaces\{BD7DA048-8D28-4997-81AA-993AC03FE088} : DhcpNameServer = 192.168.7.254
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: SDWinLogon - SDWinLogon.dll
    Notify: TPSvc - TPSvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Quick View Plus - ShellExecute Hook: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - qvphook.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\e97gqy55.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.cafeworld.com/ | http://plus.google.com | http://celebrity.myspace.com
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== File Associations ===============
    .
    cmdfile=NOTEPAD.EXE %1
    JSEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    .
    =============== Created Last 30 ================
    .
    2011-11-10 06:36:54 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1035f0a-e6d8-4e9e-b691-3a76de25b50a}\mpengine.dll
    2011-11-08 05:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-11-07 21:08:25 -------- d-----w- c:\documents and settings\owner\local settings\application data\FixItCenter
    2011-11-07 20:29:50 -------- d-----w- c:\windows\MATS
    2011-11-07 20:29:47 -------- d-----w- c:\program files\Microsoft Fix it Center
    2011-11-07 20:22:51 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
    2011-11-07 20:22:51 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2011-11-07 20:22:41 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
    2011-11-07 20:22:41 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-11-07 20:06:09 -------- d-----w- c:\documents and settings\owner\application data\ElevatedDiagnostics
    2011-11-07 19:19:41 -------- d-----w- c:\program files\VIA
    2011-11-07 19:11:39 -------- d-----w- c:\program files\StartNow Toolbar
    2011-11-06 00:22:28 1034240 ----a-r- c:\windows\system32\drivers\AE2500xp.sys
    2011-11-06 00:21:29 88696 ----a-r- c:\windows\system32\packet.dll
    2011-11-06 00:21:29 68224 ----a-r- c:\windows\system32\WanPacket.dll
    2011-11-06 00:21:29 53299 ----a-r- c:\windows\system32\pthreadVC.dll
    2011-11-06 00:21:29 34064 ----a-r- c:\windows\system32\drivers\npf.sys
    2011-11-06 00:21:29 240248 ----a-r- c:\windows\system32\wpcap.dll
    2011-11-04 22:36:42 -------- d-----w- c:\program files\Windows AIK
    2011-11-04 22:25:38 -------- d-----w- C:\SpybotBootCD
    2011-11-03 22:05:58 -------- d-----w- C:\ProcAlyzer Dumps
    2011-11-03 19:43:50 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2011-11-03 19:43:22 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2011-11-03 19:43:10 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2011-11-02 15:56:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2011-11-02 15:56:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2011-11-02 15:56:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2011-11-02 15:56:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2011-11-02 15:56:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2011-11-02 15:56:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2011-11-02 15:56:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2011-10-26 07:05:21 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-10-26 07:05:21 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-10-26 07:01:29 -------- d-----w- c:\program files\iPod
    2011-10-26 07:01:19 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2011-10-26 07:01:18 -------- d-----w- c:\program files\iTunes
    2011-10-24 21:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 21:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-24 01:18:08 -------- d-----w- c:\program files\Cisco Systems
    2011-10-23 22:13:03 335104 ----a-w- c:\windows\system\rtl8187B.sys
    2011-10-23 22:13:03 -------- d-----w- c:\windows\OPTIONS
    2011-10-23 22:13:00 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
    2011-10-23 19:20:32 -------- d-----w- c:\windows\Performance
    2011-10-23 19:20:19 -------- d-----w- c:\documents and settings\owner\local settings\application data\Microsoft Corporation
    2011-10-23 19:19:07 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2011-10-22 21:16:36 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
    2011-10-21 08:22:01 -------- d-----w- c:\program files\MemTurbo 4
    2011-10-21 07:16:50 -------- d-----w- c:\program files\Hard Disk Tune-Up
    2011-10-21 06:26:55 -------- d-----w- c:\documents and settings\owner\application data\Systweak
    2011-10-21 06:26:14 -------- d-----w- c:\program files\Advanced System Optimizer 3
    2011-10-18 02:46:52 -------- d-----w- c:\documents and settings\owner\application data\Sammsoft
    2011-10-18 02:45:05 -------- d-----w- c:\program files\ARO 2011
    2011-10-18 02:36:15 -------- d-----w- c:\documents and settings\owner\local settings\application data\OpenCandy
    2011-10-18 02:36:07 -------- d-----w- c:\documents and settings\owner\application data\OpenCandy
    2011-10-18 02:35:56 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-10-18 02:35:30 -------- d-----w- c:\program files\DAEMON Tools Lite
    2011-10-18 02:34:52 -------- d-----w- c:\documents and settings\owner\application data\DAEMON Tools Lite
    2011-10-18 02:34:20 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
    2011-10-17 03:46:46 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
    2011-10-17 03:46:28 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-10-17 03:46:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-17 03:46:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-17 02:20:06 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2011-10-17 02:17:58 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-10-17 02:10:37 -------- d-----w- c:\program files\Microsoft Security Client
    2011-10-16 02:18:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-12 04:45:27 -------- d-----w- c:\program files\C-Media
    .
    ==================== Find3M ====================
    .
    2011-10-31 23:00:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-03 10:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-31 06:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 06:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-08-31 06:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-08-31 06:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
    2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
    2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    ============= FINISH: 14:05:30.24 ===============

    ...D.D.S. is still running... I... didn't... turn off the security systems for GMER and DDS.
    I can run it again, but they ran! :grin: I mean, I have done some document-guided troubleshooting before, and the four redundant security packs seem to have not stopped the D.D.S. Is there a recommended Registry Optimizer? Google suggests the ARO package... and Solarwinds products, like everywhere I go ~ I try to stay logged in to get better ad targeting from my searches... ya know. 'What's the incognito mode for?' ~Opera Unite!

    :waits:

    Ok, maybe using the internet while running D.D.S. was a bad idea... turned off the power timeout feature on the desktop too... that might have done it... either way I am going to post, unplug, and msconfig ~ BRB w/EDIT: D.D.S. Log!

  2. Broni

    Broni Malware Annihilator

    Welcome aboard

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================================================

    All logs have to be pasted not attached.
    Please paste Attach.txt log in your next reply.

    I don't see anything malicious so far.

    You're running two AV programs though, MSE and AVG.
    One of them has to go.
    If AVG (that would be my suggestion), use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities

    Tell me more about your computer issues.
  3. SheaReinke

    SheaReinke TS Rookie Topic Starter

    Ugh, sorry, I forgot it said that in the five steps.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/5/2009 2:06:25 AM
    System Uptime: 11/10/2011 1:56:40 PM (1 hours ago)
    .
    Motherboard: | | KT333CF-8235
    Processor: AMD Athlon(tm) XP rrsossor | Socket A | 1794/133mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 10.755 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Linksys AE2500
    Device ID: USB\VID_13B1&PID_003A\000000000001
    Manufacturer: Cisco Consumer Products LLC
    Name: Linksys AE2500
    PNP Device ID: USB\VID_13B1&PID_003A\000000000001
    Service: Linksys_adapter_H
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: VIA Rhine II Fast Ethernet Adapter
    Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021106&REV_74\3&61AAA01&0&90
    Manufacturer: VIA Technologies, Inc.
    Name: VIA Rhine II Fast Ethernet Adapter
    PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021106&REV_74\3&61AAA01&0&90
    Service: FET5X86V
    .
    ==== System Restore Points ===================
    .
    RP238: 10/30/2011 6:16:01 PM - ARO 2011- Before One Click
    RP239: 10/30/2011 6:49:14 PM - Advanced System Optimizer
    RP240: 10/30/2011 7:27:01 PM - ARO 2011- Before One Click
    RP241: 10/31/2011 2:48:21 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP242: 10/31/2011 2:56:39 PM - Software Distribution Service 3.0
    RP243: 10/31/2011 3:01:36 PM - ARO 2011- Before One Click
    RP244: 10/31/2011 3:16:36 PM - Software Distribution Service 3.0
    RP245: 10/31/2011 3:19:29 PM - Software Distribution Service 3.0
    RP246: 10/31/2011 5:19:34 PM - ARO 2011- Before One Click
    RP247: 11/1/2011 4:48:26 PM - ARO 2011- Before One Click
    RP248: 11/1/2011 5:05:55 PM - Software Distribution Service 3.0
    RP249: 11/2/2011 5:01:26 PM - Software Distribution Service 3.0
    RP250: 11/3/2011 1:24:05 PM - C
    RP251: 11/3/2011 2:45:53 PM - ARO 2011- Before One Click
    RP252: 11/3/2011 3:03:57 PM - C
    RP253: 11/4/2011 5:11:23 PM - System Checkpoint
    RP254: 11/4/2011 10:47:13 PM - ARO 2011- Before One Click
    RP255: 11/4/2011 11:13:21 PM - Software Distribution Service 3.0
    RP256: 11/4/2011 11:19:21 PM - Advanced System Optimizer
    RP257: 11/5/2011 4:10:52 PM - Removed Airlink101 USB Wireless Configuration Utility
    RP258: 11/5/2011 4:17:31 PM - ARO 2011- Before One Click
    RP259: 11/5/2011 11:52:39 PM - Software Distribution Service 3.0
    RP260: 11/5/2011 11:56:47 PM - Advanced System Optimizer
    RP261: 11/7/2011 8:34:47 AM - Software Distribution Service 3.0
    RP262: 11/7/2011 9:28:29 AM - Advanced System Optimizer
    RP263: 11/7/2011 11:19:35 AM - Installed Platform
    RP264: 11/8/2011 7:47:36 PM - Software Distribution Service 3.0
    RP265: 11/9/2011 10:15:06 PM - Software Distribution Service 3.0
    RP266: 11/9/2011 10:36:44 PM - Software Distribution Service 3.0
    RP267: 11/9/2011 10:44:10 PM - Advanced System Optimizer
    RP268: 11/10/2011 12:41:34 PM - Installed Java(TM) 6 Update 29
    RP269: 11/10/2011 2:01:32 PM - Installed Rapport
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop Elements 2.0
    Adobe Reader 9.4.6
    Advanced System Optimizer
    Agere Systems PCI Soft Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ARO 2011
    AVG Free 8.5
    Bonjour
    Certblaster CompTIA Network+ (2009 Edition)
    Cisco Connect
    DAEMON Tools Lite
    FileZilla Client 3.5.1
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Hard Disk Tune-Up 1.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HTML-Kit
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    Jing
    Junk Mail filter update
    LibreOffice 3.3
    LSI PCI Soft Modem
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MemTurbo 4
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Fix it Center
    Microsoft Interactive Training
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MobileMe Control Panel
    Mozilla Firefox 7.0.1 (x86 en-US)
    MSN
    MSVCRT
    MyPDF Maker
    Notepad++
    Opera 11.52
    PADI Instructor Manual 2008 - English
    PCI Audio Driver
    Platform
    Quick View Plus
    QuickTime
    Rapport
    REALTEK RTL8187B Wireless LAN Driver
    Safari
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Spybot - Search & Destroy 2
    StartNow Toolbar
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VIA Platform Device Manager
    VIA Rhine-Family Fast-Ethernet Adapter
    WebFldrs XP
    Windows 7 Upgrade Advisor
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    WordPerfect Office 2002 Professional
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/9/2011 11:55:14 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    11/9/2011 11:55:14 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
    11/9/2011 11:55:14 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
    11/9/2011 10:17:52 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1506.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11/9/2011 10:17:52 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1506.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11/9/2011 10:17:52 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1506.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11/7/2011 7:59:11 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\comctl32.dll. Reference error message: Error Message is unavailable .
    11/7/2011 12:33:18 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
    11/7/2011 11:31:53 AM, error: Service Control Manager [7034] - The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s).
    11/6/2011 8:30:14 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RapportMgmtService service.
    11/6/2011 7:28:38 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: Insufficient system resources exist to complete the requested service.
    11/6/2011 7:23:09 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    11/6/2011 5:43:09 PM, error: Service Control Manager [7000] - The AVG8 E-mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/6/2011 5:43:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG8 E-mail Scanner service to connect.
    11/6/2011 4:03:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Microsoft Antimalware Service service to connect.
    11/6/2011 4:03:14 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/6/2011 4:02:34 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    11/6/2011 3:26:39 PM, error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/6/2011 3:26:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
    11/6/2011 3:26:38 PM, error: Service Control Manager [7000] - The NWLink SPX/SPXII Protocol service failed to start due to the following error: The system cannot find the file specified.
    11/6/2011 3:26:36 PM, error: Service Control Manager [7000] - The Realtek EAPPkt Protocol service failed to start due to the following error: The system cannot find the file specified.
    11/5/2011 2:56:16 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/5/2011 2:56:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
    11/5/2011 11:33:13 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/5/2011 11:33:10 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
    11/5/2011 11:32:50 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    11/5/2011 11:31:52 PM, error: Service Control Manager [7000] - The Spybot-S&D 2 Updating Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/5/2011 11:31:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Updating Service service to connect.
    11/4/2011 9:53:15 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1119.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    11/4/2011 9:53:15 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1119.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    11/4/2011 5:30:39 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1119.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11/10/2011 12:22:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Updater Service for StartNow Toolbar service to connect.
    11/10/2011 1:55:11 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    .
    ==== End Of File ===========================

    The 'toolbarupdaterservice' occasionally starts and I kill it with the task manager. I did a google search on it and you are probably familiar with its malware status. Right now things seem to be running fairly smoothly. http://screencast.com/t/KzPp8GJz <-- screen shot of my task tray. I use JING like a fiend. Absolutely love it. Not to be a pest, but why do I want only the one? I am currently reading a prep exam book for CompTIA's NET+ cert, and understanding what is going on is a high priority for me. I am really glad I found this forum! :grinthumb

    Also..what *is* the number that goes between 44 and 88 and right before 77?
    I tried 66 and 76 and neither worked..wait..did I try 76!?
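    Added example (mine, not from anyone in this thread): the "Event Viewer Messages From Past Week" block in that DDS log is the part a malware helper reads first, so here is a small Python triage script that parses those lines, counts Service Control Manager failures per service, and flags the StartNow toolbar updater service, the Microsoft Antimalware signature-update failures and the 7006 "Access is denied" registry write. The line format, the SCM message wording and the "Toolbar" suspect keyword are assumptions drawn from the lines above; the sample lines are copied from the posted log (the Antimalware one shortened).

```python
import re
from collections import Counter, defaultdict

# One DDS "Event Viewer Messages" line looks like (assumed from the log above):
#   <m/d/yyyy> <h:mm:ss AM|PM>, <level>: <source> [<event id>] - <message>
EVENT_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# How to pull the service name out of the Service Control Manager events
# that appear in the log (wording assumed from the posted lines).
SCM_SERVICE_RE = {
    7000: re.compile(r"^The (?P<svc>.+?) service failed to start"),
    7009: re.compile(r"waiting for the (?P<svc>.+?) service to connect"),
    7011: re.compile(r"transaction response from the (?P<svc>.+?) service"),
    7031: re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly"),
    7034: re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly"),
}

# Lines copied (the Antimalware one shortened) from the log posted above.
SAMPLE_LOG = """\
11/9/2011 11:55:14 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
11/9/2011 10:17:52 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates.
11/7/2011 11:31:53 AM, error: Service Control Manager [7034] - The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s).
11/6/2011 7:28:38 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: Insufficient system resources exist to complete the requested service.
11/6/2011 4:03:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Microsoft Antimalware Service service to connect.
11/10/2011 12:22:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Updater Service for StartNow Toolbar service to connect.
11/10/2011 1:55:11 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
"""


def parse_events(text):
    """Return one dict per line that matches the DDS event format; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["event_id"] = int(ev["event_id"])
            events.append(ev)
    return events


def scm_service(ev):
    """Service named in a Service Control Manager event, or None for other sources/ids."""
    pat = SCM_SERVICE_RE.get(ev["event_id"])
    if ev["source"] != "Service Control Manager" or pat is None:
        return None
    m = pat.search(ev["message"])
    return m.group("svc") if m else None


def triage(text, suspect_keywords=("Toolbar",)):
    """Count SCM failures per service and collect the entries worth a closer look."""
    events = parse_events(text)
    per_service = defaultdict(Counter)
    findings = []
    for ev in events:
        when = f"{ev['date']} {ev['time']}"
        svc = scm_service(ev)
        if svc:
            per_service[svc][ev["event_id"]] += 1
            if any(k.lower() in svc.lower() for k in suspect_keywords):
                findings.append(f"{when}: suspect service '{svc}' (SCM event {ev['event_id']})")
        elif ev["source"] == "Microsoft Antimalware" and ev["event_id"] == 2001:
            code = re.search(r"Error code: (0x[0-9A-Fa-f]+)", ev["message"])
            findings.append(f"{when}: AV signature update failed, code {code.group(1) if code else '?'}")
        elif ev["event_id"] == 7006 and "Access is denied" in ev["message"]:
            findings.append(f"{when}: SCM could not write a service Start value (Access is denied)")
    # Services with more than one SCM failure in the window are the ones to look at first.
    repeat_offenders = sorted(s for s, c in per_service.items() if sum(c.values()) > 1)
    return {
        "events": len(events),
        "per_service": {s: dict(c) for s, c in per_service.items()},
        "repeat_offenders": repeat_offenders,
        "findings": findings,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['events']} events parsed")
    for svc in result["repeat_offenders"]:
        print(f"  repeated SCM failures: {svc} {result['per_service'][svc]}")
    for f in result["findings"]:
        print("  " + f)
```

    Paste the whole Event Viewer section of a DDS log into triage(); the repeat_offenders list is where to start reading, and the findings list carries the timestamps so you can line them up with what you were doing on the box at the time.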
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Did you uninstall one of your AV programs?

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
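    Added example (mine, not part of Broni's instructions and not aswMBR's own code): since MBR.dat is a copy of the MBR and should be kept, here is what you can do with it. This Python script checks the 0x55AA boot signature, walks the four partition entries for an obviously bad table (no or several active partitions, overlapping entries), and compares a SHA-256 of the 446-byte boot code against a copy you trust, for example the hash you computed from an earlier clean snapshot or from a known-clean install of the same Windows version. It assumes MBR.dat is the raw 512-byte sector; the sample image and the boot code in it are constructed for the demo, not a real disk's sector.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446           # boot code occupies bytes 0..445
PARTITION_TABLE_OFF = 446     # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xAA"  # last two bytes of a valid MBR
ENTRY_FMT = "<B3xB3xII"       # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_mbr(data):
    """Split a 512-byte MBR image into a boot-code hash, a signature check and the partition entries."""
    if len(data) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(data)}")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, data, PARTITION_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "signature_ok": data[MBR_SIZE - 2:] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(data, known_good_sha256=None):
    """Return (parsed info, list of problems). known_good_sha256 is the boot-code hash of a copy you trust."""
    info = parse_mbr(data)
    problems = []
    if not info["signature_ok"]:
        problems.append("boot signature 0x55AA missing")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        problems.append(f"{len(active)} active partitions, expected exactly 1")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    for (a_start, a_end), (b_start, _) in zip(spans, spans[1:]):
        if b_start < a_end:
            problems.append("partition entries overlap")
    if known_good_sha256 is not None and info["boot_code_sha256"] != known_good_sha256:
        problems.append("boot code differs from the trusted copy")
    return info, problems


def build_mbr(boot_code, partitions):
    """Assemble a test MBR image (constructed data for the demo, not a real disk's sector)."""
    table = b"".join(struct.pack(ENTRY_FMT, *p) for p in partitions)
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
            + table.ljust(64, b"\x00") + BOOT_SIGNATURE)


def load_mbr_dat(path):
    """Read the saved sector; assumes MBR.dat is the raw 512 bytes (an assumption about aswMBR's file)."""
    with open(path, "rb") as fh:
        return fh.read(MBR_SIZE)


# Constructed sample: made-up boot code and one active NTFS (type 0x07) partition starting at LBA 63.
SAMPLE_MBR = build_mbr(b"\xEB\x3C\x90CONSTRUCTED-BOOT-CODE", [(0x80, 0x07, 63, 1_000_000)])
_t = bytearray(SAMPLE_MBR)
_t[100] ^= 0xFF               # flip one byte inside the boot code to simulate a patched MBR
TAMPERED_MBR = bytes(_t)


if __name__ == "__main__":
    info, problems = check_mbr(SAMPLE_MBR)
    print("boot code sha256:", info["boot_code_sha256"])
    print("partitions:", info["partitions"])
    print("problems:", problems or "none")
    _, problems = check_mbr(TAMPERED_MBR, known_good_sha256=info["boot_code_sha256"])
    print("tampered copy:", problems)
```

    Hash the boot code from MBR.dat now, while aswMBR reports "Windows XP default MBR code", and keep that hash with the file; a later run that reports a different hash with no OS reinstall in between is worth asking about. A structurally valid table with a changed boot code is exactly the case the partition checks alone would miss, which is why the hash comparison is there.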
     
  5. SheaReinke

    SheaReinke TS Rookie Topic Starter Posts: 21

    76! Indeed!

    Ok, well where to begin?

    This machine is six years old and pretty much hasn't been turned on since 2004. I have been tasked with putting it and five other machines into a household network. I am planning on this machine being the primary interface for daily use. Last week I was barely able to connect to the internet at all, and the system was very draggy. I have been using AVG, Spybot, MSE, and a package of optimizers I got from systweak.com ~ I know everybody says the optimizers are bad, but they certainly seem to have helped get the system back into basic functioning order, and the RAM defragger thing is super keen ~ I have used it like four times to unfreeze software. It seems like (and I understand this might be coincidence) that when a program stops responding I can run the RAM optimizer and it unfreezes the program :shrug:

    Right now the system seems to be running pretty good, but stuff like 'toolbarupdaterservice' keeps popping up, and some sites like Facebook seem to be responding very very slowly. In other words ~ I think I have gotten the box to about as good as I can get it using software fixers. Also ~ I want to understand what is going on so that I can prevent this phenomenon from happening to the other machines as I bring them online. None of them have seen the internet for six years either. I plan on making one of them a proxy server for added security and one is intended to be a :sigh: 'hardened' file server. In a very nontechnical conversation with the owner of the network I promised I could bring the file server online in a way that it was available to the internal network but not externally. Still trying to figure *that* out. FYI ~ My dad has a PhD in Psychology and my mom has a master's degree in Education (fine arts) ~ so.. feel free to get a little technical and really.. 'tell me what I am doing'. The more information I can digest in this process the better!

    I have been running MS Updates regularly and trying to keep everything up to date.

    Point of interest ~ when I MS-Configed in an Admin account 'owner' ( from the original installation six years ago ) I got a 'do this as an admin' error. I wonder.. is this perhaps due to the redundant AV software ownership/conflict? ..or would that be something else?
     
  6. SheaReinke

    SheaReinke TS Rookie Topic Starter Posts: 21

    Oh!

    I mostly use Opera and keep the Unite / Webserver application on ~ and would prefer to keep that with this machine at the very least. Hardening the proxy server is a plan, but I don't want to lock this machine down so hard that you can't use it for fun stuff like Zynga and Opera Unite.

    In a related but perhaps non-issue note - I installed a 'Microsoft Fixit Center' and was able to regain access to the sound card functionality ~ when even uninstalling and reinstalling the drivers did not seem to make any difference. The way it went was the audio wasn't working. I uninstalled and reinstalled the drivers from CNET and still not working, then I used the systweak optimizer and still nothing ..but it recommended the free fixit software. I downloaded the audio fixit suggested, and it ran ..then.. it said 'download the entire thing' and so I went to MS whatever link and downloaded the whole Fixit Center package and reran the audio component ~ voilà ~ sound!
     
  7. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please read my previous reply.
     
  8. SheaReinke

    SheaReinke TS Rookie Topic Starter Posts: 21

    AVG Dismissed!

    Uhh.. no.. haven't.. decided.. :sigh::grrr: AVG - uninstalling AVG ~BRB!
     
  9. SheaReinke

    SheaReinke TS Rookie Topic Starter Posts: 21

    MBR and notes

    OK, forgot to mention one of the things that I have been using my system optimizer for. It has a 'common problems' fixer, and one of them is missing task icons. I have used that successfully maybe five times? Spybot, MSE, and odd stuff like the sound mixer icon fail to load intermittently. I run the optimizer's fixer for missing task icons, log off, and they are there again when I log back in. Here is the MBR log. I am going to msconfig (disable non-MS and startups) and BRB.

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-10 19:47:32
    -----------------------------
    19:47:32.437 OS Version: Windows 5.1.2600 Service Pack 3
    19:47:32.437 Number of processors: 1 586 0xA00
    19:47:32.437 ComputerName: OWNER-EEF7CF997 UserName: Owner
    19:47:33.258 Initialize success
    19:54:26.653 AVAST engine defs: 11111001
    19:54:51.779 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    19:54:51.779 Disk 0 Vendor: MDT_MD400EB-00CPF0 06.04G06 Size: 38166MB BusType: 3
    19:54:53.822 Disk 0 MBR read successfully
    19:54:53.822 Disk 0 MBR scan
    19:54:54.052 Disk 0 Windows XP default MBR code
    19:54:54.062 Disk 0 scanning sectors +78140160
    19:54:54.763 Disk 0 scanning C:\WINDOWS\system32\drivers
    19:55:38.656 Service scanning
    19:55:39.528 Service MpKsl4696110f c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1035F0A-E6D8-4E9E-B691-3A76DE25B50A}\MpKsl4696110f.sys **LOCKED** 32
    19:55:39.978 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    19:55:40.549 Modules scanning
    19:55:58.385 Disk 0 trace - called modules:
    19:55:58.445 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys viaide.sys PCIIDEX.SYS
    19:55:58.945 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4f3ab8]
    19:55:58.955 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8a4f89e8]
    19:55:58.965 5 ACPI.sys[f7498620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a517940]
    19:56:00.247 AVAST engine scan C:\WINDOWS
    19:56:26.465 AVAST engine scan C:\WINDOWS\system32
    20:02:34.584 AVAST engine scan C:\WINDOWS\system32\drivers
    20:03:23.204 AVAST engine scan C:\Documents and Settings\Owner
    20:22:25.487 AVAST engine scan C:\Documents and Settings\All Users
    20:27:17.377 Scan finished successfully
    20:28:05.045 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\My Documents\MBR.dat"
    20:28:05.075 The log file has been saved successfully to "C:\Documents and Settings\Owner\My Documents\aswMBR.txt"
     
  10. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Go on........
     
  11. SheaReinke

    SheaReinke TS Rookie Topic Starter Posts: 21

    Combofix log!

    :cool:
    ComboFix 11-11-11.01 - Owner 11/10/2011 20:50:28.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1640 [GMT -8:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Owner\WINDOWS
    c:\program files\StartNow Toolbar
    c:\program files\StartNow Toolbar\Resources\images\engine_images.png
    c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
    c:\program files\StartNow Toolbar\Resources\images\engine_news.png
    c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
    c:\program files\StartNow Toolbar\Resources\images\engine_web.png
    c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
    c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
    c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
    c:\program files\StartNow Toolbar\Resources\images\icon_games.png
    c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
    c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
    c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
    c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
    c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
    c:\program files\StartNow Toolbar\Resources\installer.xml
    c:\program files\StartNow Toolbar\Resources\protect\index.html
    c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
    c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
    c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
    c:\program files\StartNow Toolbar\Resources\protect\window.css
    c:\program files\StartNow Toolbar\Resources\protect\window.js
    c:\program files\StartNow Toolbar\Resources\reactivate\index.html
    c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
    c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
    c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
    c:\program files\StartNow Toolbar\Resources\reactivate\window.css
    c:\program files\StartNow Toolbar\Resources\reactivate\window.js
    c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
    c:\program files\StartNow Toolbar\Resources\skin\separator.png
    c:\program files\StartNow Toolbar\Resources\skin\splitter.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
    c:\program files\StartNow Toolbar\Resources\toolbar.xml
    c:\program files\StartNow Toolbar\Resources\update.xml
    c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
    c:\program files\StartNow Toolbar\Toolbar32.dll
    c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
    c:\program files\StartNow Toolbar\uninstall.dat
    c:\windows\AutoRun.ini
    c:\windows\dasetup.log
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_Updater_Service_for_StartNow_Toolbar
    -------\Legacy_Updater_Service_for_StartNow_Toolbar
    -------\Service_Updater Service for StartNow Toolbar
    -------\Service_Updater Service for StartNow Toolbar
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-11 00:23 . 2001-07-31 01:50 125440 ------w- c:\windows\system32\sx96v32.dll
    2011-11-11 00:22 . 2011-11-11 00:23 -------- d-----w- c:\windows\speech
    2011-11-11 00:22 . 2011-11-11 00:22 -------- d-----w- c:\program files\Dragon Systems
    2011-11-10 23:04 . 2011-11-11 04:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
    2011-11-10 23:04 . 2011-11-10 23:04 -------- d-----r- c:\program files\Skype
    2011-11-10 23:04 . 2011-11-10 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2011-11-10 22:02 . 2011-11-10 22:02 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Trusteer
    2011-11-10 06:36 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1035F0A-E6D8-4E9E-B691-3A76DE25B50A}\mpengine.dll
    2011-11-08 05:28 . 2011-11-08 05:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-11-07 21:08 . 2011-11-07 21:08 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FixItCenter
    2011-11-07 20:29 . 2011-11-07 20:29 -------- d-----w- c:\windows\MATS
    2011-11-07 20:29 . 2011-11-07 20:29 -------- d-----w- c:\program files\Microsoft Fix it Center
    2011-11-07 20:22 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
    2011-11-07 20:22 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2011-11-07 20:22 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
    2011-11-07 20:22 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-11-07 20:06 . 2011-11-07 20:06 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
    2011-11-07 19:19 . 2011-11-07 19:23 -------- d-----w- c:\program files\VIA
    2011-11-07 19:19 . 2011-11-11 00:18 -------- d-----w- c:\program files\Common Files\InstallShield
    2011-11-06 00:22 . 2011-03-30 06:22 1034240 ----a-r- c:\windows\system32\drivers\AE2500xp.sys
    2011-11-05 00:30 . 2011-11-05 00:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
    2011-11-04 22:36 . 2011-11-06 02:45 -------- d-----w- c:\program files\Windows AIK
    2011-11-04 22:25 . 2011-11-04 22:25 -------- d-----w- C:\SpybotBootCD
    2011-11-03 23:06 . 2011-11-05 23:23 -------- d-----w- c:\documents and settings\Browser
    2011-11-03 22:05 . 2011-11-03 22:05 -------- d-----w- C:\ProcAlyzer Dumps
    2011-11-03 19:43 . 2011-11-03 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-11-03 19:43 . 2009-01-25 20:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2011-11-03 19:43 . 2011-11-10 07:47 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2011-11-02 15:56 . 2011-11-02 15:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2011-11-02 15:56 . 2011-11-02 15:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
    2011-11-02 15:56 . 2011-11-02 15:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    2011-11-02 15:56 . 2011-11-02 15:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    2011-11-02 15:56 . 2011-11-02 15:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
    2011-11-02 15:56 . 2011-11-02 15:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
    2011-11-02 15:56 . 2011-11-02 15:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
    2011-11-01 23:46 . 2011-11-01 23:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
    2011-10-31 23:03 . 2011-10-31 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2011-10-31 01:34 . 2011-10-31 01:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2011-10-26 07:05 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-10-26 07:05 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-10-26 07:01 . 2011-10-26 07:01 -------- d-----w- c:\program files\iPod
    2011-10-26 07:01 . 2011-10-26 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2011-10-26 07:01 . 2011-10-26 07:05 -------- d-----w- c:\program files\iTunes
    2011-10-26 06:59 . 2011-10-26 06:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
    2011-10-26 06:07 . 2011-10-26 06:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
    2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-24 01:18 . 2011-10-24 01:18 -------- d-----w- c:\program files\Cisco Systems
    2011-10-23 22:13 . 2011-10-23 22:13 -------- d-----w- c:\windows\OPTIONS
    2011-10-23 22:13 . 2008-06-26 13:26 335104 ----a-w- c:\windows\system\rtl8187B.sys
    2011-10-23 22:13 . 2011-10-23 22:13 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
    2011-10-23 19:20 . 2011-10-23 19:20 -------- d-----w- c:\windows\Performance
    2011-10-23 19:20 . 2011-10-23 19:20 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Microsoft Corporation
    2011-10-23 19:19 . 2011-10-23 19:19 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2011-10-22 21:16 . 2011-10-31 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2011-10-21 20:32 . 2011-10-28 05:33 -------- d-----w- c:\documents and settings\Owner\Application Data\FileZilla
    2011-10-21 20:31 . 2011-10-21 20:31 -------- d-----w- c:\program files\FileZilla FTP Client
    2011-10-21 08:22 . 2011-10-21 08:22 -------- d-----w- c:\program files\MemTurbo 4
    2011-10-21 07:16 . 2011-10-21 07:16 -------- d-----w- c:\program files\Hard Disk Tune-Up
    2011-10-21 06:26 . 2011-10-21 06:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Systweak
    2011-10-21 06:26 . 2011-10-21 06:26 -------- d-----w- c:\program files\Advanced System Optimizer 3
    2011-10-18 02:46 . 2011-10-21 07:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Sammsoft
    2011-10-18 02:45 . 2011-10-21 05:20 -------- d-----w- c:\program files\ARO 2011
    2011-10-18 02:36 . 2011-10-18 03:53 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\OpenCandy
    2011-10-18 02:36 . 2011-10-18 02:39 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenCandy
    2011-10-18 02:35 . 2011-10-18 02:35 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-10-18 02:35 . 2011-10-18 02:35 -------- d-----w- c:\program files\DAEMON Tools Lite
    2011-10-18 02:34 . 2011-10-18 03:57 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Lite
    2011-10-18 02:34 . 2011-10-18 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2011-10-17 03:46 . 2011-10-17 03:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2011-10-17 03:46 . 2011-10-17 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-10-17 03:46 . 2011-10-17 03:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-17 03:46 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-17 02:20 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-10-17 02:17 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-10-17 02:10 . 2011-10-17 02:11 -------- d-----w- c:\program files\Microsoft Security Client
    2011-10-16 02:18 . 2011-10-16 02:18 -------- d-----w- c:\program files\Common Files\Java
    2011-10-16 02:18 . 2011-10-03 13:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-31 23:00 . 2011-10-11 18:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22 . 2009-02-05 10:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-03 10:37 . 2009-11-27 04:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-26 18:41 . 2010-03-18 17:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41 . 2004-08-12 14:02 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41 . 2004-08-12 14:02 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-19 02:42 . 2011-09-19 02:42 5120 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{AFE68D65-01D4-4B1A-902D-2660BC0C503F}\IconTmpl.6CB586F0_5D86_454E_A763_2AAC2F44EA18.exe
    2011-09-09 09:12 . 2004-08-12 13:56 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20 . 2004-08-12 14:09 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-08-31 06:05 . 2011-08-31 06:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-08-31 06:05 . 2011-08-31 06:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
    2011-08-22 23:48 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2004-08-12 13:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2004-08-12 13:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56 . 2004-08-12 13:57 385024 ----a-w- c:\windows\system32\html.iec
    2011-08-17 13:49 . 2004-08-12 13:55 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-09-29 06:53 . 2011-10-08 01:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= "qvphook.dll" [1999-01-14 41472]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 10.lnk]
    backup=c:\windows\pss\CorelCENTRAL 10.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Security Essentials.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Security Essentials.lnk
    backup=c:\windows\pss\Microsoft Security Essentials.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Contents.URL]
    backup=c:\windows\pss\Contents.URLStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MemTurbo.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MemTurbo.lnk
    backup=c:\windows\pss\MemTurbo.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2004-06-29 17:06 88363 ----a-w- c:\windows\AGRSMMSG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-10-06 08:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-09-27 14:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
    2007-08-09 23:48 528384 ----a-r- c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
    2002-07-13 00:33 1581056 ----a-w- c:\windows\mixer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-10-10 01:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
    2010-08-19 22:23 3069192 ----a-w- c:\program files\TechSmith\Jing\Jing.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-17 05:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
    2001-10-02 06:36 77887 ----a-w- c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
    2011-08-04 23:18 3225504 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-10-13 17:36 19549320 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spybot-S&D Cleaning]
    2011-08-04 23:17 3008408 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 21:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-02-23 06:23 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "szserver"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "Updater Service for StartNow Toolbar"=2 (0x2)
    "SeaPort"=2 (0x2)
    "SDUpdateService"=2 (0x2)
    "SDScannerService"=2 (0x2)
    "SDHookService"=2 (0x2)
    "RapportMgmtService"=2 (0x2)
    "MsMpSvc"=2 (0x2)
    "MatSvc"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "idsvc"=3 (0x3)
    "Hard Disk Tune-Up"=2 (0x2)
    "gusvc"=2 (0x2)
    "gupdatem"=3 (0x3)
    "gupdate1ca2eb039d50a60"=2 (0x2)
    "fsssvc"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "bepldr"=3 (0x3)
    "Apple Mobile Device"=2 (0x2)
    "AgereModemAudio"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Corel\\WordPerfect Office 2002\\Register\\NAVBrowser.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Chami\\HTML-Kit\\Bin\\HTMLKit.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [11/7/2011 9:28 PM 56208]
    R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
    R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [11/7/2011 9:30 PM 227312]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [11/7/2011 9:28 PM 71440]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/7/2011 9:28 PM 164112]
    R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [11/3/2011 11:43 AM 38504]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [11/7/2011 9:28 PM 931640]
    R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [11/5/2011 4:22 PM 1034240]
    R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [11/7/2011 9:30 PM 21520]
    R3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2/4/2009 5:54 PM 166720]
    S1 MpKslb27ba595;MpKslb27ba595;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E14880A5-C765-487F-BEF6-AA08FC1245B3}\MpKslb27ba595.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E14880A5-C765-487F-BEF6-AA08FC1245B3}\MpKslb27ba595.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys --> c:\windows\system32\DRIVERS\RTL8187B.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/12/2004 6:06 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
    S4 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [11/14/2006 10:34 AM 147456]
    S4 gupdate1ca2eb039d50a60;Google Update Service (gupdate1ca2eb039d50a60);c:\program files\Google\Update\GoogleUpdate.exe [9/5/2009 9:09 PM 133104]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/5/2009 9:09 PM 133104]
    S4 Hard Disk Tune-Up;Hard Disk Tune-Up;c:\program files\Hard Disk Tune-Up\HDTuneUpSrv.exe [10/20/2011 11:16 PM 441344]
    S4 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
    S4 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [11/3/2011 11:43 AM 130976]
    S4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [11/3/2011 11:43 AM 1082800]
    S4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [11/3/2011 11:43 AM 1149864]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
    .
    2011-10-21 c:\windows\Tasks\ASO-AutoCheckUpdate7Days.job
    - c:\program files\Advanced System Optimizer 3\CheckUpdate.exe [2011-10-21 23:38]
    .
    2011-11-09 c:\windows\Tasks\ASO-Driver Updater.job
    - c:\program files\Advanced System Optimizer 3\DriverUpdater.exe [2011-10-21 23:36]
    .
    2011-11-08 c:\windows\Tasks\ASO-OneClickCare.job
    - c:\program files\Advanced System Optimizer 3\ASO3.exe [2011-10-21 23:37]
    .
    2011-11-11 c:\windows\Tasks\ASO-SystemCleaner.job
    - c:\program files\Advanced System Optimizer 3\SystemCleaner.exe [2011-10-21 23:37]
    .
    2011-11-11 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2011-11-03 23:18]
    .
    2011-11-11 c:\windows\Tasks\ConfigExec.job
    - c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 06:09]
    .
    2011-11-11 c:\windows\Tasks\DataUpload.job
    - c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 06:09]
    .
    2011-11-11 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-23 06:38]
    .
    2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-06 05:09]
    .
    2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-06 05:09]
    .
    2011-11-11 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
    .
    2011-11-11 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2011-11-03 23:17]
    .
    2011-11-11 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2011-11-03 23:17]
    .
    2011-11-11 c:\windows\Tasks\User_Feed_Synchronization-{7C615A86-7B59-4AAC-A917-A03BE9834C2F}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
    .
    2011-11-11 c:\windows\Tasks\User_Feed_Synchronization-{8F5D7231-C4FB-4BA7-816B-740CD767992A}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/advanced_search?hl=en
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: windowsupdate.com\download
    TCP: DhcpNameServer = 192.168.7.254
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e97gqy55.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.cafeworld.com/ | http://plus.google.com | http://celebrity.myspace.com
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-avgrsstarter - avgrsstx.dll
    Notify-SDWinLogon - SDWinLogon.dll
    Notify-TPSvc - TPSvc.dll
    MSConfigStartUp-StartNowToolbarHelper - c:\program files\StartNow Toolbar\ToolbarHelper.exe
    AddRemove-LSI Soft Modem - c:\windows\agrsmdel
    AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-10 21:03
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2052111302-1682526488-854245398-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3784)
    c:\windows\system32\WININET.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
    c:\windows\system32\WindowsPowerShell\v1.0\pwrshsip.dll
    c:\progra~1\MICROS~2\Office10\MCPS.DLL
    c:\program files\Microsoft Silverlight\xapauthenticodesip.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\mspaint.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-10 21:13:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-11 05:12
    .
    Pre-Run: 11,271,135,232 bytes free
    Post-Run: 11,783,122,944 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    [spybotsd]
    timeout.old=30
    .
    - - End Of File - - A690CDECE5C838AF01F50F09DC357E20

    Hell yeah - this thing tanked Explorer twice, but I noticed it deleted that bastard toolbarupdater :smirk: Oh! While msconfiging I got that error again.
    http://screencast.com/t/DoGGvwjOb

    OK, what next? Any comments on the data presented? Anything I should be looking at specifically? Quick question :smirk: I keep asking questions, you keep answering? Like....... '19:55:58.385 Disk 0 trace - called modules:' wuzzat mean?

    :D
     
  12. SheaReinke

    SheaReinke TS Rookie Topic Starter Posts: 21

  13. SheaReinke

    SheaReinke TS Rookie Topic Starter Posts: 21

    The other problem

    This is really why I feel like simply running the scans and such ain't sufficient. I opened up Opera and the browser stalled while loading the page no less than ten times. It loaded the page partially and I could see it, but the progress/elements bar stalled at like about 70 or 80 elements or so. Took ten or so page reloads to get Opera to say 'done' ... makes me concerned ... ya know?
     
  14. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Uninstall Advanced System Optimizer 3
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ===================================================================

    Combofix log looks good.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
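Every process, module, service and driver entry in the OTL logs requested above uses one line format: `KIND - [date time | size | attributes | M] (Company) [state] -- path -- (name)`, with `File not found` in place of the bracket when the registered binary is missing. As an added example (not part of this thread and not OTL's own code), the parser below reads such lines and flags what a helper checks first: orphaned services, binaries with no company name, no-company kernel drivers that load at Boot or System start, and recently modified service/driver binaries. The sample lines are constructed to match that format; the rules are review prompts, not verdicts.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample modelled on the OTL log format (not a real log).
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2006/11/14 10:34:06 | 000,147,456 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe -- (bepldr)

========== Driver Services (SafeList) ==========

DRV - [2011/10/17 18:35:58 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 10:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
"""

# Normal entry: KIND - [stamp | size | attrs | M] (Company) [state] -- path -- (name) <optional description>
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[^|\]]+) \| [MC]\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.*?)"
    r"(?: -- \((?P<name>[^)]*)\)(?P<desc>.*))?$"
)
# Entry whose registered binary no longer exists on disk.
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- -- \((?P<name>[^)]*)\)$"
)


@dataclass
class Entry:
    kind: str
    name: str
    path: Optional[str]
    company: str
    state: str
    size: int
    stamp: Optional[datetime]
    missing: bool = False


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL entry line; return None for headers, blanks and unknown lines."""
    line = line.strip()
    m = MISSING_RE.match(line)
    if m:
        return Entry(m["kind"], m["name"], None, "", m["state"], 0, None, missing=True)
    m = ENTRY_RE.match(line)
    if not m:
        return None
    # MOD/PRC lines carry no "(name)" suffix, so fall back to the file name.
    name = m["name"] or m["path"].rsplit("\\", 1)[-1]
    return Entry(
        kind=m["kind"],
        name=name,
        path=m["path"],
        company=m["company"].strip(),
        state=m["state"] or "",
        size=int(m["size"].replace(",", "")),   # "000,931,640" -> 931640
        stamp=datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def triage(entries: List[Entry], scan_time: datetime, recent_days: int = 30) -> List[Tuple[Entry, str]]:
    """Return (entry, reasons) pairs a helper would want to look at. Flags, not verdicts:
    a legitimate security product (recent install, no version info) trips the same rules."""
    findings = []
    for e in entries:
        reasons = []
        if e.missing:
            reasons.append("service registered but file not found (orphaned entry)")
        else:
            if e.company == "":
                reasons.append("no company name in version info")
            if e.kind == "DRV" and e.company == "" and ("Boot" in e.state or "System" in e.state):
                reasons.append("kernel driver with no company name loading at Boot/System start")
            if e.kind in ("SRV", "DRV") and e.stamp and (scan_time - e.stamp).days <= recent_days:
                reasons.append(f"binary modified within the last {recent_days} days")
        if reasons:
            findings.append((e, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    scan_time = datetime(2011, 11, 11, 10, 28, 22)   # the log's own creation time
    for entry, why in triage(parse_log(SAMPLE_LOG), scan_time):
        print(f"{entry.kind} {entry.name:<22} {entry.path or '<missing>'}\n    -> {why}")
```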
     
  15. SheaReinke

    SheaReinke TS Rookie Topic Starter Posts: 21

    Well that was epically annoying, OTL

    Something needs fixing... the system froze solid four times and lost track of the wireless stick (USB). The log:

    OTL logfile created on: 11/11/2011 10:28:22 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Test\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 80.93% Memory free
    2.23 Gb Paging File | 1.99 Gb Available in Paging File | 89.23% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 11.77 Gb Free Space | 31.60% Space Free | Partition Type: NTFS

    Computer Name: OWNER-EEF7CF997 | User Name: Test | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/10 22:16:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Test\Desktop\OTL.exe
    PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2011/08/04 15:17:58 | 003,148,200 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    PRC - [2011/08/04 15:17:34 | 003,219,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/07 21:30:22 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
    MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
    MOD - [2011/08/28 13:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
    MOD - [2011/07/26 10:56:16 | 000,576,512 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
    MOD - [2011/04/20 11:39:12 | 000,565,827 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2011/08/04 15:17:18 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Disabled | Stopped] -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)
    SRV - [2011/08/04 15:17:04 | 001,149,864 | ---- | M] (Safer-Networking Ltd.) [Disabled | Stopped] -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
    SRV - [2011/08/04 15:16:58 | 001,082,800 | ---- | M] (Safer-Networking Ltd.) [Disabled | Stopped] -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
    SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
    SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/03/27 21:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2009/03/25 13:01:30 | 000,441,344 | ---- | M] (Sammsoft) [Disabled | Stopped] -- C:\Program Files\Hard Disk Tune-Up\HDTuneUpSrv.exe -- (Hard Disk Tune-Up)
    SRV - [2006/11/14 10:34:06 | 000,147,456 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe -- (bepldr)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/11/07 21:30:22 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
    DRV - [2011/11/07 21:30:20 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
    DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
    DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2011/10/17 18:35:58 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2011/08/04 15:17:08 | 000,038,504 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys -- (SDHookDriver)
    DRV - [2011/03/29 22:22:30 | 001,034,240 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AE2500xp.sys -- (Linksys_adapter_H)
    DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2010/02/11 04:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2009/08/13 14:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/04/13 10:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2008/04/13 10:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2007/06/27 14:42:00 | 000,207,488 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
    DRV - [2004/08/12 06:02:46 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2004/08/12 06:02:46 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2002/07/16 10:58:12 | 000,379,726 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
    DRV - [2001/08/17 04:50:34 | 000,166,720 | ---- | M] (S3 Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3m.sys -- (s3m)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 21 EE DA 55 7E CC 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/02 07:56:54 | 000,000,000 | ---D | M]

    [2011/11/10 12:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/10/15 18:18:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/11/10 12:42:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2011/09/28 22:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/09/28 16:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/11/10 21:03:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DgnWebIE) - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll (Dragon Systems)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab (Macromedia Authorware Web Player Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1317519239530 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56805CA3-4887-45E9-BC73-0B5EBB2E421F}: DhcpNameServer = 192.168.7.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BF40466-8D5C-40BB-A5EE-BBC0B7FA4B8A}: DhcpNameServer = 192.168.7.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD7DA048-8D28-4997-81AA-993AC03FE088}: DhcpNameServer = 192.168.7.254
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll ()
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/02/05 02:03:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\Shell - "" = AutoRun
    O33 - MountPoints2\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\Shell\AutoRun\command - "" = F:\WIN\setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/11 10:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Test\Desktop\Unused Desktop Shortcuts
    [2011/11/11 10:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Test\Local Settings\Application Data\Apple Computer
    [2011/11/11 10:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Test\Application Data\Apple Computer
    [2011/11/11 10:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Test\Local Settings\Application Data\Trusteer
    [2011/11/10 22:16:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Test\Desktop\OTL.exe
    [2011/11/10 21:13:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/11/10 20:47:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/11/10 20:44:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/11/10 20:44:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/11/10 20:44:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/11/10 20:44:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/11/10 20:44:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/11/10 20:43:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/10 16:23:45 | 000,125,440 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\sx96v32.dll
    [2011/11/10 16:22:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech
    [2011/11/10 16:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\Dragon Systems
    [2011/11/10 15:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
    [2011/11/10 15:04:11 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2011/11/10 15:04:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
    [2011/11/10 12:42:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/11/10 12:42:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/11/10 12:42:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/11/07 21:28:38 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
    [2011/11/07 12:29:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
    [2011/11/07 12:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
    [2011/11/07 12:22:51 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
    [2011/11/07 12:22:41 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
    [2011/11/07 11:19:41 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
    [2011/11/07 11:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
    [2011/11/05 16:22:28 | 001,034,240 | R--- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\AE2500xp.sys
    [2011/11/04 16:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
    [2011/11/04 14:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows AIK
    [2011/11/04 14:25:38 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
    [2011/11/03 14:05:58 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
    [2011/11/03 11:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/11/03 11:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
    [2011/11/03 11:43:22 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
    [2011/11/03 11:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2011/11/01 15:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
    [2011/10/31 15:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2011/10/30 17:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
    [2011/10/25 23:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/10/25 23:05:21 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
    [2011/10/25 23:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/10/25 23:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/10/25 23:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/10/25 22:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
    [2011/10/25 22:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2011/10/24 13:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
    [2011/10/24 13:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
    [2011/10/23 17:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
    [2011/10/23 14:13:03 | 000,335,104 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System\rtl8187B.sys
    [2011/10/23 14:13:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
    [2011/10/23 14:13:00 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK RTL8187B Wireless LAN Driver
    [2011/10/23 11:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
    [2011/10/23 11:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
    [2011/10/22 13:16:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2011/10/21 12:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
    [2011/10/21 12:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
    [2011/10/21 00:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MemTurbo
    [2011/10/21 00:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\MemTurbo 4
    [2011/10/20 23:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hard Disk Tune-Up
    [2011/10/20 23:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\Hard Disk Tune-Up
    [2011/10/20 22:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced System Optimizer 3
    [2011/10/20 22:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Optimizer 3
    [2011/10/17 18:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2011
    [2011/10/17 18:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
    [2011/10/17 18:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite
    [2011/10/17 18:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
    [2011/10/17 18:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2011/10/16 19:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/10/16 19:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/10/16 19:46:23 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/10/16 19:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/10/16 18:17:58 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2011/10/16 18:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/10/15 18:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2011/10/15 18:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/10/15 18:18:15 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/11 10:28:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7C615A86-7B59-4AAC-A917-A03BE9834C2F}.job
    [2011/11/11 10:27:18 | 000,000,355 | RHS- | M] () -- C:\boot.ini
    [2011/11/11 10:26:33 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
    [2011/11/11 10:26:19 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
    [2011/11/11 10:26:18 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/11/11 10:26:17 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2011/11/11 10:26:16 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
    [2011/11/11 10:25:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/11/11 10:25:41 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/11 10:20:25 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Test\Desktop\Shortcut to &Run....lnk
    [2011/11/11 10:20:22 | 000,497,546 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\working3.PNG
    [2011/11/11 10:19:31 | 000,521,322 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\working2.PNG
    [2011/11/11 10:19:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/11/11 10:17:46 | 000,520,587 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\working.PNG
    [2011/11/11 10:14:04 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/11/11 10:13:53 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8F5D7231-C4FB-4BA7-816B-740CD767992A}.job
    [2011/11/11 10:02:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/11/11 09:55:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/11/10 22:16:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Test\Desktop\OTL.exe
    [2011/11/10 21:03:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/11/10 20:41:11 | 000,000,239 | ---- | M] () -- C:\Boot.bak
    [2011/11/10 20:32:01 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
    [2011/11/10 19:34:53 | 000,012,692 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/11/10 16:30:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\audio.INI
    [2011/11/10 16:28:03 | 000,000,219 | ---- | M] () -- C:\WINDOWS\dgnsetup.ini
    [2011/11/10 16:27:59 | 000,000,668 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
    [2011/11/10 15:13:43 | 000,060,686 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\shea01.png
    [2011/11/10 14:55:46 | 022,478,848 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\SkypeSetup.msi
    [2011/11/10 14:25:13 | 000,501,936 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/11/10 14:25:13 | 000,086,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/11/09 23:47:31 | 000,000,217 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2011/11/08 23:07:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
    [2011/11/07 12:29:53 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix*it Center.lnk
    [2011/11/07 11:09:19 | 000,000,025 | ---- | M] () -- C:\WINDOWS\mixerdef.ini
    [2011/10/31 15:00:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/10/29 21:05:07 | 000,000,793 | ---- | M] () -- C:\WINDOWS\lrun32.ini
    [2011/10/24 13:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
    [2011/10/24 13:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
    [2011/10/23 13:32:39 | 000,012,634 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
    [2011/10/16 18:11:30 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/11 10:20:25 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Test\Desktop\Shortcut to &Run....lnk
    [2011/11/11 10:20:22 | 000,497,546 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\working3.PNG
    [2011/11/11 10:19:30 | 000,521,322 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\working2.PNG
    [2011/11/11 10:17:45 | 000,520,587 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\working.PNG
    [2011/11/10 20:47:41 | 000,000,239 | ---- | C] () -- C:\Boot.bak
    [2011/11/10 20:47:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/11/10 20:44:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/11/10 20:44:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/11/10 20:44:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/11/10 20:44:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/11/10 20:44:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/11/10 16:30:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\audio.INI
    [2011/11/10 16:24:10 | 000,000,668 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2011/11/10 16:24:08 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Dragon NaturallySpeaking.lnk
    [2011/11/10 16:18:27 | 000,000,219 | ---- | C] () -- C:\WINDOWS\dgnsetup.ini
    [2011/11/10 15:13:43 | 000,060,686 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\shea01.png
    [2011/11/10 14:49:50 | 022,478,848 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\SkypeSetup.msi
    [2011/11/07 12:32:49 | 000,000,580 | -H-- | C] () -- C:\WINDOWS\tasks\DataUpload.job
    [2011/11/07 12:32:48 | 000,000,616 | -H-- | C] () -- C:\WINDOWS\tasks\ConfigExec.job
    [2011/11/07 12:29:53 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk
    [2011/11/07 12:29:53 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix*it Center.lnk
    [2011/11/07 11:23:14 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vinyl Deck.lnk
    [2011/11/03 12:21:55 | 000,000,217 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2011/11/03 11:44:06 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
    [2011/11/03 11:44:03 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2011/11/03 11:44:00 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
    [2011/11/03 11:43:37 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2011/10/23 17:18:42 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Cisco Connect.lnk
    [2011/10/23 11:19:12 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
    [2011/10/20 19:13:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/10/16 18:16:15 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/10/16 18:11:30 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2011/10/11 20:45:28 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
    [2011/10/11 13:02:44 | 000,032,044 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/10/06 17:37:48 | 000,000,793 | ---- | C] () -- C:\WINDOWS\lrun32.ini
    [2011/09/29 19:21:48 | 000,339,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/09/28 17:31:12 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
    [2009/10/10 18:14:36 | 000,000,173 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
    [2009/08/24 17:23:55 | 000,007,658 | ---- | C] () -- C:\WINDOWS\extend.dat
    [2009/04/27 21:09:38 | 000,041,472 | ---- | C] () -- C:\WINDOWS\qvphook.dll
    [2009/04/27 20:54:38 | 000,000,895 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/02/16 14:26:07 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
    [2009/02/05 02:06:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/02/05 02:00:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/02/04 17:52:21 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/02/04 17:49:29 | 000,172,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2004/09/17 17:37:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
    [2004/08/12 06:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/12 06:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/12 06:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/12 06:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/12 06:03:20 | 000,501,936 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/12 06:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/12 06:03:19 | 000,086,418 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/12 06:02:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/12 05:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/12 05:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/12 05:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/12 05:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2002/11/19 15:46:20 | 000,036,924 | ---- | C] () -- C:\WINDOWS\cmijack.dat
    [2002/11/19 15:43:38 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
    [1996/11/16 23:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
    [1996/11/16 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
    [1996/11/16 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [1996/11/16 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

    < End of report >

    I paid for my optimizer stuff and it has a few tools I want to use, but I will recognize the strength of your suggestion and refrain from using it wantonly. I have not used it during this process as requested. One of the things about buying the package is you get a phone number to call should you get to that point - ya know?

    The entire process log of getting the OTL Log,

    I downloaded the OTL and ran it with exceptions from the desktop.
    The system froze. OTL was on line '%systemroot%\System32\config\*.sav'
    Reboot
    I get a DOS recovery console I have never seen before. I choose normal.
    I log in to an Alt-Admin account that I created some time ago (1)
    I cannot activate the run command from the start menu.
    Windows prompts to create a shortcut to run on the desktop.
    I can't run the shortcut to run from the desktop.
    I use win-r and MS Config ( Disable Non-MS Services and All Startups )
    I get this error using MSConfig http://screencast.com/t/DoGGvwjOb (2)
    Recovery Console - I choose normal.
    In the Alt-Admin I test the run shortcuts. All three work.
    I run OTL. Completes.
    I open the Control Panel to get to the error log ( curious )
    Windows firewall pops up and I have to unblock explorer.exe ( !? )
    I look through the last two weeks of errors.
    I MS Config back to normal and get the error again. (2)
    Recovery Console - I choose normal.
    I open up Opera and almost paste the OTL Log and Extras file here, but
    System Freezes. Reboot, Recovery Console, I choose normal.
    Log into Alt-Admin Account.
    I MS Config ( Disable non-ms and all startups ) error (2)
    Log into Alt-Admin and I run OTL with the correct exceptions.
    I MS Config back to normal and get the error again (2)
    Primary User comes up without the Wireless USB, or any AV software. (3)
    I choose to Switch User to the Alt-Admin and the system freezes.
    Reboot. Recovery Console, I choose normal.
    Logged into Alt-Admin and Wireless USB does not load, MSE does.
    Checked Add Hardware tool on the control panel.
    Add Hardware wizard says that a piece of hardware is being installed try later.
    Checked the Device Manager and it seems to be refreshing continually.
    I MS Config with the normal option and get the error. (2)
    Recovery Console, I choose normal.
    I log into the Primary User and there is no sound, spybot, or internet.
    MSE loaded.
    Check Add Hardware wizard - same 'installing'
    Check Device Manager - same 'bouncing'
    Shut down.
    Unplug Wireless USB and USB Microphone.
    Restart, Recovery Console, I choose normal.
    Check Device Manager - not bouncing.
    Check Add Hardware wizard - it is now acting normal.
    Close control panels and plug in Wireless USB.
    System Freeze.
    Restart and everything seems to come up fine. (4)
    I launch Task Manager, shrink it.
    I Launch Opera and take the final jingshot.
    Attach the extras and second extended OTL log, and Post!

    (4)
    http://screencast.com/t/Tlsi403z42Yi
    (3)
    http://screencast.com/t/ilY1Vo8L
    (2)
    http://screencast.com/t/DoGGvwjOb
    (1) I created it to test the freezing problem. I thought the freezing problem had gone away after I got the optimizer, but now it seems to be back.
     

    Attached Files:

  16. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please observe forum rules.
    All logs have to be PASTED not attached.

    What happened to Microsoft Security Essentials?
    I don't see any AV program running.

    ====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found
      O33 - MountPoints2\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\Shell - "" = AutoRun
      O33 - MountPoints2\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\Shell\AutoRun\command - "" = F:\WIN\setup.exe
      [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
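As an added triage example (not OTL's code and not part of Broni's instructions), the Python below parses O2/O18/O33 lines of the kind quoted in the fix script above, flags the orphaned entries and the AutoRun command that launches code from another volume, and reassembles the flagged lines into an :OTL fix block; the "Example Helper" BHO line and its all-zero CLSID are constructed placeholders for the benign case.

```python
"""Triage helper for OTL-style scan lines (added example, not OTL's own code).

Parses the O2 (BHO), O18 (protocol handler) and O33 (MountPoints2 AutoRun)
lines of the kind quoted in the fix script above, flags orphaned entries
(no CLSID, DLL missing) and AutoRun commands that launch code from another
volume, and reassembles the flagged lines into an ":OTL" fix block.
"""
import re
from dataclasses import dataclass

# Constructed sample input: the O2/O18/O33 lines from the fix script above plus
# one healthy BHO line with an all-zero placeholder CLSID as the benign case.
SAMPLE_LINES = [
    "O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.",
    "O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000001} "
    "- C:\\Program Files\\Example\\helper.dll (Example Corp.)",
    "O18 - Protocol\\Handler\\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} "
    "- C:\\Program Files\\AVG\\AVG8\\Toolbar\\IEToolbar.dll File not found",
    'O33 - MountPoints2\\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\\Shell - "" = AutoRun',
    'O33 - MountPoints2\\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\\Shell\\AutoRun\\command'
    ' - "" = F:\\WIN\\setup.exe',
]

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(r"^O2 - BHO: \((?P<name>.*?)\) - (?P<clsid>" + GUID + r") - (?P<target>.*)$")
O18_RE = re.compile(r"^O18 - Protocol\\Handler\\(?P<scheme>\S+) (?P<clsid>" + GUID + r") - (?P<target>.*)$")
O33_RE = re.compile(r"^O33 - MountPoints2\\(?P<volume>" + GUID + r')\\(?P<subkey>.*?) - "" = (?P<value>.*)$')


@dataclass
class Finding:
    line: str     # original OTL line, reused verbatim in the fix block
    kind: str     # orphan-bho | orphan-handler | autorun-verb | autorun-command | ok | unparsed
    detail: str


def classify(line: str) -> Finding:
    """Map one OTL scan line to a triage verdict."""
    m = O2_RE.match(line)
    if m:
        if "No CLSID value found" in m["target"]:
            return Finding(line, "orphan-bho", f"BHO {m['clsid']} has no CLSID registration")
        return Finding(line, "ok", f"BHO {m['clsid']} -> {m['target']}")
    m = O18_RE.match(line)
    if m:
        if m["target"].endswith("File not found"):
            return Finding(line, "orphan-handler", f"handler '{m['scheme']}' points at a missing DLL")
        return Finding(line, "ok", f"handler '{m['scheme']}' -> {m['target']}")
    m = O33_RE.match(line)
    if m:
        subkey, value = m["subkey"], m["value"]
        if subkey.lower() == "shell\\autorun\\command":
            # The drive letter shows which volume the mount point would run code from
            # (F: in the fix above, i.e. not the system drive).
            drive = value[:2].upper() if re.match(r"^[A-Za-z]:", value) else "?"
            return Finding(line, "autorun-command", f"mount point {m['volume']} runs {value} from {drive}")
        return Finding(line, "autorun-verb", f"mount point {m['volume']} {subkey} = {value}")
    return Finding(line, "unparsed", "line format not recognised")


def triage(lines):
    """Classify every line; order is kept so the fix block mirrors the scan."""
    return [classify(line) for line in lines]


def fix_block(findings, commands=("purity", "emptytemp", "emptyflash", "Reboot")):
    """Assemble an OTL fix script from the flagged findings, in the layout used above."""
    body = [f.line for f in findings if f.kind not in ("ok", "unparsed")]
    return "\n".join([":OTL", *body, "", ":Commands", *[f"[{c}]" for c in commands]])


if __name__ == "__main__":
    results = triage(SAMPLE_LINES)
    for f in results:
        print(f"{f.kind:16} {f.detail}")
    print()
    print(fix_block(results))
```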
     
  17. SheaReinke

    SheaReinke TS Rookie Topic Starter Posts: 21

    I MS Configed and turned everything off. Do you want me to redo the OTL without MS Configing or do you want me to continue with the next steps?
     
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I did NOT ask you to make any changes in "msconfig".
    "msconfig" is NOT a startup control tool and under normal circumstances there is no reason to play with it.
    "msconfig" is strictly for troubleshooting purposes.

    My instructions clearly stated at the very beginning not to make any changes to your computer except for those prescribed by me.
     
  19. SheaReinke

    SheaReinke TS Rookie Topic Starter Posts: 21

    Sorry, I endeavor to improve. What would you like me to do next?
     
  20. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Reverse any changes you made and proceed with my reply #16, starting with answering my question:
     
  21. SheaReinke

    SheaReinke TS Rookie Topic Starter Posts: 21

    :shrug: I turned MSE off with MS Config :) It is back on now, well it was - but it didn't show back up when OTL rebooted the system. I am going to run security check and the other thing now.

    Here is the log file

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ deleted successfully.
    File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\ not found.
    File F:\WIN\setup.exe not found.
    C:\WINDOWS\002588_.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Browser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 5638223 bytes
    ->Google Chrome cache emptied: 594288 bytes
    ->Flash cache emptied: 41 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes

    User: NetworkService
    ->Temp folder emptied: 30898 bytes
    ->Temporary Internet Files folder emptied: 33279 bytes

    User: Owner
    ->Temp folder emptied: 45185547 bytes
    ->Temporary Internet Files folder emptied: 23791929 bytes
    ->Java cache emptied: 3953536 bytes
    ->FireFox cache emptied: 42570765 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 24933376 bytes
    ->Opera cache emptied: 24786805 bytes
    ->Flash cache emptied: 119011380 bytes

    User: Test
    ->Temp folder emptied: 4660 bytes
    ->Temporary Internet Files folder emptied: 5334329 bytes
    ->Java cache emptied: 488 bytes
    ->Opera cache emptied: 628366 bytes
    ->Flash cache emptied: 446 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 170050 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 283.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Browser
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Owner
    ->Flash cache emptied: 0 bytes

    User: Test
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 11122011_193109

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  22. SheaReinke

    SheaReinke TS Rookie Topic Starter Posts: 21

    Sorry, I thought I already posted this yesterday..

    I turned off MSE with MS-Config. That is how I usually do that. I learned it from troubleshooting Adobe software,

    http://kb2.adobe.com/cps/822/cpsid_82252.html - which I have had to do a lot.

    I can only assume that the reason that Microsoft lists MSE as a non-microsoft service is for just this sort of occasion. In the past I have had difficulties turning off security services using their little switch. I also thought that shutting down things like office quickstarted and adobe reader fast loader stuff might help.. :eek:

    OK, four system freezes and one stupid move later..

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ deleted successfully.
    File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6eb8e220-eab7-11e0-a1e1-f12ef3a4d292}\ not found.
    File F:\WIN\setup.exe not found.
    C:\WINDOWS\002588_.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Browser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 5638223 bytes
    ->Google Chrome cache emptied: 594288 bytes
    ->Flash cache emptied: 41 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes

    User: NetworkService
    ->Temp folder emptied: 30898 bytes
    ->Temporary Internet Files folder emptied: 33279 bytes

    User: Owner
    ->Temp folder emptied: 45185547 bytes
    ->Temporary Internet Files folder emptied: 23791929 bytes
    ->Java cache emptied: 3953536 bytes
    ->FireFox cache emptied: 42570765 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 24933376 bytes
    ->Opera cache emptied: 24786805 bytes
    ->Flash cache emptied: 119011380 bytes

    User: Test
    ->Temp folder emptied: 4660 bytes
    ->Temporary Internet Files folder emptied: 5334329 bytes
    ->Java cache emptied: 488 bytes
    ->Opera cache emptied: 628366 bytes
    ->Flash cache emptied: 446 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 170050 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 283.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Browser
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Owner
    ->Flash cache emptied: 0 bytes

    User: Test
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 11122011_193109

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    -----

    The TFC did have me reboot - if you are curious.

    and,

    OK, so I said stupid move, right? Well - for some odd reason I unchecked "automatically fix errors" the first time I ran the ESET process, and it found six threats. I have the log here.

    C:\Documents and Settings\All Users\Documents\Shea\cnet_CMI8738_WDM_0639XP_zip.exe a variant of Win32/InstallCore.D application
    C:\Documents and Settings\Owner\My Documents\Security\cnet_vinyl_v700b_zip.exe a variant of Win32/InstallCore.D application
    C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\Toolbar32.dll.vir a variant of Win32/Toolbar.Zugo application
    C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application
    C:\System Volume Information\_restore{3AD55D95-9BD5-439F-AF99-5C4CBE3E2607}\RP270\A0278054.dll a variant of Win32/Toolbar.Zugo application
    C:\System Volume Information\_restore{3AD55D95-9BD5-439F-AF99-5C4CBE3E2607}\RP270\A0278055.exe a variant of Win32/Toolbar.Zugo application

    I realized I was being stupid and reran the ESET with the autofix check left on, and the system froze right after the second pair of Zugo toolbar finds. I rebooted and restored the previous session in IE and it ran through to completion without finding anything or generating a log. :grinthumb
     
  23. SheaReinke

    SheaReinke TS Rookie Topic Starter Posts: 21

    To be clear - I have completely restored the system to full normal operation and startups.
     
  24. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Good :)

    I still need Security Check log.
     
  25. SheaReinke

    SheaReinke TS Rookie Topic Starter Posts: 21

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    TuneUp Companion 2.2.3
    Java(TM) 6 Update 29
    Adobe Flash Player 11.0.1.152
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Spybot Teatimer.exe is disabled!
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    ``````````End of Log````````````
     
