TechSpot

[Inactive] Remaining virus and trojan horse infections I can't eliminate

Discussion in 'Virus and Malware Removal' started by goleftfast, Jan 5, 2012.

  1. goleftfast Newcomer, in training

    Downloaded the program and made the CD. Restarted the computer, pressed F12 for the Boot Menu and chose CD/DVD to boot. The computer comes up, but there is no REATOGO-X-PE file on the desktop, just the .exe file I downloaded. Tried to connect to the internet and got an error: "Generic Host Process Win32 Service encountered a problem and needs to close." Then another popup that reads: "Windows shutdown was initiated by NT Authority/System. DCOM Server Process Launcher service terminated unexpectedly." Got this error message last time with the virus.

    Let me know if I did something wrong and I'll try again. Thank you for the help!
  2. Broni Malware Annihilator

    I don't think you're booting to Reatogo.

    Try to boot another working computer from the CD you just created and see if it works.
  3. goleftfast Newcomer, in training

    Made another boot CD and this one seemed to work.

    It did not ask me to load remote registry or remote user profile to scan. I could not connect to the internet via my wireless connection. Attempted to do a repair and got the following message: Windows could not finish repairing the problem because the following action cannot be completed: Disabling the wireless network adapter. Make sure your network adapter is properly installed.

    Here is Part 1 of the log.....

    OTL logfile created on: 1/6/2012 9:12:38 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 782.00 Mb Available Physical Memory | 77.00% Memory free
    902.00 Mb Paging File | 823.00 Mb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.08 Gb Total Space | 228.77 Gb Free Space | 76.75% Space Free | Partition Type: NTFS
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - [2011/12/06 18:25:42 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto] -- C:\WINDOWS\System32\mfevtps.exe -- (mfevtp)
    SRV - [2011/12/06 18:21:24 | 000,160,608 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2011/12/06 18:21:08 | 000,166,288 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
    SRV - [2011/10/18 17:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/01/28 13:28:50 | 000,203,080 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
    SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
    SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2006/01/06 23:54:41 | 000,077,824 | ---- | M] (Hewlett-Packard Company) [On_Demand] -- C:\WINDOWS\system32\hpbpro.exe -- (HP Port Resolver)
    SRV - [2006/01/06 23:54:41 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [On_Demand] -- C:\WINDOWS\system32\hpboid.exe -- (HP Status Server)
    SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand] -- -- (mfeavfk01)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand] -- -- (EverestDriver)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- -- (catchme)
    DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2011/10/15 13:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
    DRV - [2008/03/12 20:25:36 | 002,530,176 | R--- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2005/11/30 11:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2005/11/15 10:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2005/09/23 19:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator.OWNER-830FA6330.000_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\Administrator.OWNER-830FA6330.000_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 9E 89 D2 1A C9 CC 01 [binary data]
    IE - HKU\Administrator.OWNER-830FA6330.000_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\Owner_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\Owner_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: C:\Program Files\McAfee\MSC\npMcSnFFPl.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\NPMcFFPlg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/01/06 20:17:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/01/04 22:12:33 | 000,000,000 | ---D | M]

    [2011/10/12 09:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2011/10/12 09:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2012/01/06 12:05:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20111226160148.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [FamilyCyberAlert] C:\WINDOWS\system32\FCyberAlert\Syslogin.exe (InfoWorks Technology Company)
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe (HP)
    O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\Administrator.OWNER-830FA6330.000_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Administrator.OWNER-830FA6330.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Owner_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/02/19 10:22:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/06 21:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2012/01/06 19:59:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/01/06 19:34:00 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Owner\Desktop\OTLPENet.exe
    [2012/01/06 11:20:01 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Documents and Settings\Owner\Desktop\BlitzBlank.exe
    [2012/01/06 00:19:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/01/06 00:00:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/01/05 23:54:36 | 004,372,321 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2012/01/05 21:32:59 | 004,372,321 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\Ownerfix.exe
    [2012/01/05 21:01:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/01/05 21:01:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/01/05 21:01:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/01/05 21:01:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/01/05 21:00:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/01/05 21:00:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/04 17:47:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2012/01/04 02:17:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Recent
    [2012/01/04 01:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Application Data\SUPERAntiSpyware.com
    [2012/01/03 13:33:11 | 004,007,216 | ---- | C] (IObit ) -- C:\Documents and Settings\Owner\Desktop\defragsetup.exe
    [2012/01/03 12:37:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2012/01/02 16:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
    [2012/01/02 16:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    [2012/01/02 16:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2012/01/02 16:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2012/01/02 16:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/01/02 10:46:05 | 000,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
    [2012/01/02 10:45:50 | 000,081,920 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPCo2.dll
    [2012/01/02 10:45:50 | 000,069,721 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPFcs.dll
    [2012/01/02 10:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
    [2012/01/02 10:45:06 | 000,000,000 | ---D | C] -- C:\Touchpad.temp
    [2012/01/02 10:44:03 | 013,792,472 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
    [2012/01/02 01:57:37 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
    [2012/01/02 01:53:14 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Desktop\HousecallLauncher.exe
    [2012/01/02 01:48:44 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/02 01:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Application Data\Adobe
    [2012/01/02 01:46:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\PrivacIE
    [2012/01/02 01:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Application Data\Malwarebytes
    [2012/01/02 01:43:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\IETldCache
    [2012/01/02 01:42:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Application Data\Microsoft
    [2012/01/02 01:42:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Application Data
    [2012/01/02 01:42:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Cookies
    [2012/01/02 01:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Application Data\Macromedia
    [2012/01/02 01:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Favorites
    [2012/01/02 01:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Desktop
    [2012/01/02 01:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Local Settings\Application Data\Adobe
    [2012/01/02 01:42:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Start Menu\Programs\Startup
    [2012/01/02 01:42:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Start Menu
    [2012/01/02 01:42:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\SendTo
    [2012/01/02 01:42:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Start Menu\Programs\Accessories
    [2012/01/02 01:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\My Documents\Visual Studio 2010
    [2012/01/02 01:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Templates
    [2012/01/02 01:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\PrintHood
    [2012/01/02 01:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\NetHood
    [2012/01/02 01:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\My Documents
    [2012/01/02 01:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Local Settings\Application Data\Microsoft Help
    [2012/01/02 01:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Local Settings\Application Data\Microsoft
    [2012/01/02 01:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Local Settings
    [2011/12/31 15:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/31 15:42:34 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/12/31 15:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/31 15:12:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/12/31 14:18:22 | 007,956,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-rules.exe
    [2011/12/31 14:18:03 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.60.0.1800.exe
    [2011/12/31 13:43:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
    [2011/12/31 00:09:19 | 000,000,000 | ---D | C] -- C:\found.000
    [2011/12/30 20:16:21 | 000,000,000 | ---D | C] -- C:\$AVG
    [2011/12/28 17:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\System Check
    [2011/12/28 16:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\NetHood
    [2011/12/26 17:36:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\PrivacIE
    [2011/12/26 17:23:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
    [2011/12/25 16:51:05 | 000,000,000 | ---D | C] -- C:\e
    [2011/12/25 16:17:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\PrivacIE
    [2011/12/25 16:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
    [2011/12/25 00:34:49 | 000,009,608 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
    [2011/12/25 00:34:19 | 000,089,792 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
    [2011/12/25 00:34:18 | 000,083,856 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
    [2011/12/25 00:34:17 | 000,087,656 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
    [2011/12/25 00:34:15 | 000,338,176 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
    [2011/12/25 00:34:12 | 000,059,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
    [2011/12/25 00:34:11 | 000,180,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
    [2011/12/25 00:34:08 | 000,057,600 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
    [2011/12/25 00:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
    [2011/12/25 00:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
    [2011/12/25 00:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
    [2011/12/25 00:24:26 | 000,121,256 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
    [2011/12/25 00:24:11 | 000,464,176 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
    [2011/12/25 00:24:06 | 000,150,856 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
    [2011/12/25 00:24:06 | 000,148,520 | R--- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.8a8a.deleteme
    [2011/12/25 00:13:38 | 000,118,784 | R--- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys.d07b.deleteme
    [2011/12/25 00:13:33 | 000,459,728 | R--- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys.1538.deleteme
    [2011/12/25 00:13:26 | 000,148,520 | R--- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.e1e3.deleteme
    [2011/12/24 13:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
    [2011/12/24 13:19:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\Favorites
    [2011/12/24 11:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2011/12/24 11:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2011/12/24 11:18:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2011/12/20 15:21:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
    [2011/12/20 14:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/12/20 14:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/12/20 14:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/12/20 14:43:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
    [2011/12/20 14:32:43 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2011/12/19 13:18:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2010/10/17 12:36:53 | 007,053,264 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Owner\gosetup.exe
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
  4. goleftfast Newcomer, in training

    Part 2 of the log.........

    ========== Files - Modified Within 30 Days ==========

    [2012/01/06 21:54:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/01/06 21:26:19 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1417001333-682003330-1003UA.job
    [2012/01/06 21:16:19 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/01/06 21:02:03 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
    [2012/01/06 21:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2012/01/06 20:48:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily FY04.job
    [2012/01/06 20:12:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/01/06 14:26:58 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Owner\Desktop\OTLPENet.exe
    [2012/01/06 12:05:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/01/06 11:29:33 | 001,058,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    [2012/01/06 11:17:52 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Documents and Settings\Owner\Desktop\BlitzBlank.exe
    [2012/01/06 00:26:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1417001333-682003330-1003Core.job
    [2012/01/06 00:20:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/01/05 21:30:36 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
    [2012/01/05 21:29:08 | 004,372,321 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\Ownerfix.exe
    [2012/01/05 21:29:08 | 004,372,321 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2012/01/05 20:54:49 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
    [2012/01/05 11:16:25 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/01/04 22:06:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/01/04 02:41:04 | 000,064,626 | ---- | M] () -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Desktop\cc_20120104_014057.reg
    [2012/01/04 01:15:39 | 000,000,209 | -HS- | M] () -- C:\boot.ini
    [2012/01/03 17:39:34 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/01/03 12:52:04 | 004,007,216 | ---- | M] (IObit ) -- C:\Documents and Settings\Owner\Desktop\defragsetup.exe
    [2012/01/02 19:48:46 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
    [2012/01/02 18:21:45 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
    [2012/01/02 16:54:49 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\iTunes.lnk
    [2012/01/02 16:43:03 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/01/02 16:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2012/01/02 10:37:48 | 005,652,632 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sa105tpdriverx.exe
    [2012/01/02 10:26:46 | 013,792,472 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
    [2012/01/02 02:44:27 | 000,164,235 | ---- | M] () -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Local Settings\Application Data\census.cache
    [2012/01/02 02:43:27 | 000,164,204 | ---- | M] () -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Local Settings\Application Data\ars.cache
    [2012/01/02 01:53:45 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Local Settings\Application Data\housecall.guid.cache
    [2012/01/02 01:53:14 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Desktop\HousecallLauncher.exe
    [2012/01/02 01:48:55 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/02 01:10:15 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
    [2011/12/31 15:42:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2011/12/31 15:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/30 23:21:02 | 000,448,695 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AVG virus popup while Malware was running.jpg
    [2011/12/30 20:37:34 | 000,289,007 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\virus vault caught 2.jpg
    [2011/12/30 20:33:12 | 000,258,686 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\virus vault caught.jpg
    [2011/12/30 13:46:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2011/12/30 13:43:42 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2f0ttoz1.exe
    [2011/12/30 13:31:52 | 007,956,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-rules.exe
    [2011/12/30 13:29:16 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.60.0.1800.exe
    [2011/12/28 16:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Digital Media Enhancements
    [2011/12/28 16:51:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3
    [2011/12/28 16:51:05 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    [2011/12/28 16:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/12/28 16:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 2010 Express
    [2011/12/28 16:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft SQL Server 2008
    [2011/12/28 16:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    [2011/12/28 16:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
    [2011/12/28 16:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/12/28 16:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Garmin
    [2011/12/28 16:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2011/12/28 16:51:00 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
    [2011/12/28 16:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bilingual Books
    [2011/12/28 16:50:59 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
    [2011/12/28 16:46:28 | 000,001,202 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\w03v5ho382r0eu83588ggfx84pax154ve3u7
    [2011/12/28 12:08:30 | 000,321,542 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/12/28 06:59:51 | 000,020,660 | -HS- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\au28rqra8fv2700kr8366nd3am6oq5t1
    [2011/12/28 06:59:51 | 000,020,660 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\au28rqra8fv2700kr8366nd3am6oq5t1
    [2011/12/26 11:26:46 | 000,020,770 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\au28rqra8fv2700kr8366nd3am6oq5t1
    [2011/12/26 00:00:10 | 000,633,170 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2011/12/25 17:06:46 | 000,000,240 | ---- | M] () -- C:\srch_site_1.gif
    [2011/12/25 17:06:45 | 000,000,277 | ---- | M] () -- C:\mov_1.gif
    [2011/12/25 17:06:45 | 000,000,274 | ---- | M] () -- C:\trav_1.gif
    [2011/12/25 17:06:44 | 000,000,284 | ---- | M] () -- C:\srch_map_1.gif
    [2011/12/25 17:06:44 | 000,000,273 | ---- | M] () -- C:\srch_stk_1.gif
    [2011/12/25 17:06:44 | 000,000,138 | ---- | M] () -- C:\flk2.gif
    [2011/12/25 17:06:43 | 000,000,113 | ---- | M] () -- C:\del_1.gif
    [2011/12/25 16:58:22 | 000,000,380 | ---- | M] () -- C:\edu.bmp
    [2011/12/25 16:58:22 | 000,000,304 | ---- | M] () -- C:\dir.bmp
    [2011/12/25 16:58:22 | 000,000,279 | ---- | M] () -- C:\hj_1.gif
    [2011/12/25 16:58:22 | 000,000,268 | ---- | M] () -- C:\ab_1.gif
    [2011/12/25 16:58:22 | 000,000,121 | ---- | M] () -- C:\srch_nws_1.gif
    [2011/12/25 16:58:22 | 000,000,113 | ---- | M] () -- C:\srch_aud_1.gif
    [2011/12/25 16:58:19 | 000,000,265 | ---- | M] () -- C:\srch_ans_1.gif
    [2011/12/25 16:58:18 | 000,000,123 | ---- | M] () -- C:\srch_sh_1.gif
    [2011/12/25 16:58:17 | 000,000,131 | ---- | M] () -- C:\srch_loc_1.gif
    [2011/12/25 16:58:16 | 000,000,112 | ---- | M] () -- C:\srch_vid_1.gif
    [2011/12/25 16:58:14 | 000,000,112 | ---- | M] () -- C:\srch_img_1.gif
    [2011/12/25 16:58:11 | 000,000,235 | ---- | M] () -- C:\srch_1.gif
    [2011/12/25 14:58:14 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/12/25 14:58:13 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/12/24 22:27:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\kDJeBl3a0.com.b
    [2011/12/24 19:56:16 | 000,018,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\015467y6h152l128c172x1glr3b3
    [2011/12/24 19:56:15 | 000,018,272 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\015467y6h152l128c172x1glr3b3
    [2011/12/24 11:33:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\41Jq85.dat
    [2011/12/15 14:18:13 | 000,011,924 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\New OpenDocument Text (8).odt
    [2011/12/15 10:47:28 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/12/15 10:27:59 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
    [2011/12/10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/12/08 10:42:06 | 000,012,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\thank you letter to memphis.odt
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/05 21:33:31 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
    [2012/01/05 21:01:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/01/05 21:01:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/01/05 21:01:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/01/05 21:01:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/01/05 21:01:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/01/05 20:54:49 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
    [2012/01/04 17:46:57 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2f0ttoz1.exe
    [2012/01/04 02:41:02 | 000,064,626 | ---- | C] () -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Desktop\cc_20120104_014057.reg
    [2012/01/03 13:35:24 | 000,448,695 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AVG virus popup while Malware was running.jpg
    [2012/01/03 13:35:24 | 000,289,007 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\virus vault caught 2.jpg
    [2012/01/03 13:35:24 | 000,258,686 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\virus vault caught.jpg
    [2012/01/02 18:21:45 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
    [2012/01/02 16:54:49 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\iTunes.lnk
    [2012/01/02 16:43:03 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/01/02 10:44:38 | 005,652,632 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sa105tpdriverx.exe
    [2012/01/02 02:44:27 | 000,164,235 | ---- | C] () -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Local Settings\Application Data\census.cache
    [2012/01/02 02:43:27 | 000,164,204 | ---- | C] () -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Local Settings\Application Data\ars.cache
    [2012/01/02 01:53:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Local Settings\Application Data\housecall.guid.cache
    [2012/01/02 01:42:58 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Start Menu\Programs\Remote Assistance.lnk
    [2012/01/02 01:42:58 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.OWNER-830FA6330.000\Start Menu\Programs\Windows Media Player.lnk
    [2012/01/02 01:10:15 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
    [2011/12/31 15:42:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2011/12/29 15:03:14 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
    [2011/12/28 16:46:28 | 000,001,202 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\w03v5ho382r0eu83588ggfx84pax154ve3u7
    [2011/12/26 16:10:27 | 000,020,660 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\au28rqra8fv2700kr8366nd3am6oq5t1
    [2011/12/26 03:25:59 | 000,020,770 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\au28rqra8fv2700kr8366nd3am6oq5t1
    [2011/12/26 03:25:59 | 000,020,660 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\au28rqra8fv2700kr8366nd3am6oq5t1
    [2011/12/25 17:06:46 | 000,000,240 | ---- | C] () -- C:\srch_site_1.gif
    [2011/12/25 17:06:45 | 000,000,277 | ---- | C] () -- C:\mov_1.gif
    [2011/12/25 17:06:45 | 000,000,274 | ---- | C] () -- C:\trav_1.gif
    [2011/12/25 17:06:44 | 000,000,284 | ---- | C] () -- C:\srch_map_1.gif
    [2011/12/25 17:06:44 | 000,000,273 | ---- | C] () -- C:\srch_stk_1.gif
    [2011/12/25 17:06:44 | 000,000,138 | ---- | C] () -- C:\flk2.gif
    [2011/12/25 17:06:43 | 000,000,113 | ---- | C] () -- C:\del_1.gif
    [2011/12/25 16:58:22 | 000,000,380 | ---- | C] () -- C:\edu.bmp
    [2011/12/25 16:58:22 | 000,000,304 | ---- | C] () -- C:\dir.bmp
    [2011/12/25 16:58:22 | 000,000,279 | ---- | C] () -- C:\hj_1.gif
    [2011/12/25 16:58:22 | 000,000,268 | ---- | C] () -- C:\ab_1.gif
    [2011/12/25 16:58:22 | 000,000,121 | ---- | C] () -- C:\srch_nws_1.gif
    [2011/12/25 16:58:22 | 000,000,113 | ---- | C] () -- C:\srch_aud_1.gif
    [2011/12/25 16:58:19 | 000,000,265 | ---- | C] () -- C:\srch_ans_1.gif
    [2011/12/25 16:58:18 | 000,000,123 | ---- | C] () -- C:\srch_sh_1.gif
    [2011/12/25 16:58:17 | 000,000,131 | ---- | C] () -- C:\srch_loc_1.gif
    [2011/12/25 16:58:16 | 000,000,112 | ---- | C] () -- C:\srch_vid_1.gif
    [2011/12/25 16:58:14 | 000,000,112 | ---- | C] () -- C:\srch_img_1.gif
    [2011/12/25 16:58:10 | 000,000,235 | ---- | C] () -- C:\srch_1.gif
    [2011/12/24 22:27:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\kDJeBl3a0.com.b
    [2011/12/24 11:33:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\41Jq85.dat
    [2011/12/24 11:31:01 | 000,633,170 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2011/12/19 13:18:20 | 000,018,272 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\015467y6h152l128c172x1glr3b3
    [2011/12/19 13:18:19 | 000,018,272 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\015467y6h152l128c172x1glr3b3
    [2011/12/15 14:12:04 | 000,011,924 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\New OpenDocument Text (8).odt
    [2011/11/03 15:35:02 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2011/09/10 15:44:17 | 000,093,422 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
    [2011/09/10 15:44:17 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
    [2011/09/10 15:43:44 | 000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat
    [2011/09/01 18:14:23 | 000,163,752 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/09/01 18:14:20 | 000,688,903 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1409082233-1417001333-682003330-1003-0.dat
    [2011/09/01 18:14:19 | 000,321,542 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/08/26 18:44:24 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2011/08/26 18:44:24 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
    [2011/01/27 19:02:46 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/26 13:14:35 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/16 10:39:37 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences2.dat
    [2010/10/16 10:38:09 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
    [2010/09/12 17:48:32 | 000,000,209 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2010/09/12 17:48:32 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2010/09/12 17:48:32 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7420.dat
    [2010/09/12 17:48:31 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
    [2010/09/12 17:48:31 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2010/09/12 17:47:59 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
    [2010/09/12 17:47:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
    [2010/09/09 15:53:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2010/08/14 14:47:45 | 000,000,410 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\com.headroomlearning.success_state.xml
    [2010/06/04 12:57:22 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winchat.ini
    [2010/03/01 22:22:34 | 000,061,944 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/02/20 17:01:01 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2010/02/20 17:01:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2010/02/20 17:01:01 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2010/02/20 17:01:01 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2010/02/20 11:06:47 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
    [2010/02/19 10:26:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/02/19 09:58:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/02/18 12:51:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/02/18 12:50:27 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/03/15 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006/03/15 07:00:00 | 001,033,728 | ---- | C] () -- C:\WINDOWS\expl.dat
    [2006/03/15 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/03/15 07:00:00 | 000,658,784 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/03/15 07:00:00 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\winl.dat
    [2006/03/15 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/03/15 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/03/15 07:00:00 | 000,147,558 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/03/15 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/03/15 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/03/15 07:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\svch.dat
    [2006/03/15 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/03/15 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2006/03/15 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006/03/15 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2011/10/03 17:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft
    [2010/02/28 12:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/08/14 14:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.headroomlearning.success.E906FDB8037C0EF6FFEB8EA592E89D1E073818BC.1
    [2011/10/16 21:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Garmin
    [2010/03/14 19:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
    [2011/10/12 09:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
    [2011/04/16 06:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
    [2010/04/13 07:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TightVNC
    [2011/10/27 13:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
    [2010/04/13 07:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
    [2010/04/13 07:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\TightVNC
    [2011/08/31 16:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOP
    [2010/10/17 12:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs
    [2011/09/13 08:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2010/08/14 14:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Headroom_Learning
    [2010/05/09 12:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/27 16:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

    ========== Purity Check ==========



    ========== Custom Scans ==========



    < MD5 for: EXPLORER.EXE >
    [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
    [2006/03/15 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2012/01/06 11:29:33 | 001,058,816 | ---- | M] (Microsoft Corporation) MD5=F92D05B1C0DE946CF66B11479247FBDE -- C:\WINDOWS\explorer.exe

    < MD5 for: SVCHOST.EXE >
    [2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
    [2006/03/15 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
    [2011/12/24 18:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2008/04/14 06:42:10 | 000,039,936 | ---- | M] (Microsoft Corporation) MD5=ECD453C1AD7D2FF9448C24A65642FE17 -- C:\WINDOWS\system32\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2006/03/15 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
    [2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
    [2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2006/03/15 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2008/04/14 06:42:10 | 000,545,280 | ---- | M] (Microsoft Corporation) MD5=1300F6682BEA386767AE2A7C6C2DDCA7 -- C:\WINDOWS\system32\winlogon.exe
    [2011/12/24 18:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
    < End of report >
  5. goleftfast Newcomer, in training

I'm beginning to think about reinstalling Windows. I have a "Recovery & Applications" DVD that came with the laptop. Will this reformat the drive and install new Windows software on my laptop? Not sure what a Recovery DVD might be.

    I've run so many fix it programs and it is still not working. Might be time to throw in the towel. LMK
  6. Broni Malware Annihilator

    No reason.
    We'll fix it.

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    IE - HKU\Owner_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [2011/12/28 16:46:28 | 000,001,202 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\w03v5ho382r0eu83588ggfx84pax154ve3u7
    [2011/12/28 06:59:51 | 000,020,660 | -HS- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\au28rqra8fv2700kr8366nd3am6oq5t1
    [2011/12/28 06:59:51 | 000,020,660 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\au28rqra8fv2700kr8366nd3am6oq5t1
    [2011/12/26 11:26:46 | 000,020,770 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\au28rqra8fv2700kr8366nd3am6oq5t1
    [2011/12/24 19:56:16 | 000,018,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\015467y6h152l128c172x1glr3b3
    [2011/12/24 19:56:15 | 000,018,272 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\015467y6h152l128c172x1glr3b3
    [2011/12/24 11:33:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\41Jq85.dat
    
    
    :Services
    
    :Reg
    
    :Files
    c:\windows\explorer.exe|c:\windows\ServicePackFiles\i386\explorer.exe /replace
    
    :Commands
    [purity]
    
    Open Notepad and paste it.
    Save the document as Fix.txt on to a USB flash drive


    On the infected computer the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into Windows.

    Then re-run Combofix.
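Two things in this fix are worth seeing as code rather than by eye. The MD5 custom scan in the log above compares each live system binary with the copy Windows keeps in ServicePackFiles\i386 (explorer.exe differs in size and hash from that copy, which is why the `:Files` line replaces it), and the file list in the fix targets hidden+system blobs with random names parked under the LocalService/NetworkService/All Users profiles. The Python below is an added example, not code from the thread and not part of OTL or any tool Broni uses; it parses OTL entry lines and automates both checks. The sample lines are copied from the posted log; the random-name heuristic (no extension, 20+ characters, mixed letters and digits), the choice of profile directories, and the rule that only the ServicePackFiles\i386 copy counts as a reference are assumptions.

```python
"""Triage an OTL/OTLPE log: flag hidden+system files with random names
under profile Application Data directories, and system binaries whose MD5
no longer matches the ServicePackFiles\\i386 copy.

Added example (not from the thread, not part of OTL). SAMPLE is copied
from the log posted above; the heuristics are assumptions.
"""
import re
from collections import defaultdict

# One OTL entry: [date time | size | attrs | C/M] (company) MD5=... -- path
# (company) is absent on directory entries and empty "()" on files with no
# version resource, and MD5= appears only in the custom MD5 scan.
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) )?-- (?P<path>.+?)\s*$"
)
MD5_HEADER = re.compile(r"^< MD5 for: (?P<name>\S+) >$")

# Directories droppers use for state; nothing legitimate writes random
# blobs into the LocalService/NetworkService profiles (assumption).
APPDATA_DIRS = ("\\application data\\", "\\local settings\\application data\\")

SAMPLE = r"""
    [2012/01/06 21:54:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/01/05 11:16:25 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/28 16:46:28 | 000,001,202 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\w03v5ho382r0eu83588ggfx84pax154ve3u7
    [2011/12/28 06:59:51 | 000,020,660 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\au28rqra8fv2700kr8366nd3am6oq5t1
    [2011/12/24 19:56:15 | 000,018,272 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\015467y6h152l128c172x1glr3b3
    [2011/12/24 11:33:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\41Jq85.dat
    [2011/12/20 14:43:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
    < MD5 for: EXPLORER.EXE >
    [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2006/03/15 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2012/01/06 11:29:33 | 001,058,816 | ---- | M] (Microsoft Corporation) MD5=F92D05B1C0DE946CF66B11479247FBDE -- C:\WINDOWS\explorer.exe
    < MD5 for: USERINIT.EXE >
    [2006/03/15 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
"""


def parse(text):
    """Yield one dict per file/directory entry in an OTL log."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"].replace(",", ""))
            yield d


def looks_random(name):
    """No extension, long, letters and digits mixed: the dropper naming pattern."""
    return ("." not in name and len(name) >= 20
            and any(c.isalpha() for c in name) and any(c.isdigit() for c in name))


def suspicious_hidden_files(text):
    """Paths of hidden+system files (not directories) with random names that
    sit directly inside an Application Data directory."""
    hits = []
    for e in parse(text):
        attrs = e["attrs"]
        if "H" not in attrs or "S" not in attrs or attrs.endswith("D"):
            continue
        folder, _, name = e["path"].rpartition("\\")
        if (folder.lower() + "\\").endswith(APPDATA_DIRS) and looks_random(name):
            hits.append(e["path"])
    return hits


def md5_mismatches(text):
    """(name, live_path, live_md5, reference_md5) for every live system binary
    whose MD5 differs from its ServicePackFiles\\i386 copy.

    Only that copy is a usable reference: $NtServicePackUninstall$ holds the
    pre-service-pack build and legitimately differs, and third-party files
    that borrow the name (the Malwarebytes Chameleon svchost.exe in the
    log above) are not the system file at all. MD5 is adequate for a
    same-or-different check against a local copy; do not treat an MD5 from
    an untrusted source as proof of integrity.
    """
    groups = defaultdict(list)
    current = None
    for line in text.splitlines():
        h = MD5_HEADER.match(line.strip())
        if h:
            current = h.group("name").lower()
            continue
        m = ENTRY.match(line.strip())
        if m and current and m.group("md5"):
            groups[current].append((m.group("path"), m.group("md5").upper()))

    mismatches = []
    for name, entries in groups.items():
        ref = [md5 for p, md5 in entries if "\\servicepackfiles\\i386\\" in p.lower()]
        if not ref:
            continue  # no on-disk baseline; compare against an offline known-good list instead
        live = {f"c:\\windows\\{name}", f"c:\\windows\\system32\\{name}"}
        for p, md5 in entries:
            if p.lower() in live and md5 != ref[0]:
                mismatches.append((name, p, md5, ref[0]))
    return mismatches


if __name__ == "__main__":
    for p in suspicious_hidden_files(SAMPLE):
        print("hidden+system random-name file:", p)
    for name, p, live, ref in md5_mismatches(SAMPLE):
        print(f"{p}: MD5 {live} differs from ServicePackFiles copy {ref}")
```

On the sample this reports the three -HS- blobs that the fix above moves and the explorer.exe mismatch that the `/replace` line repairs, and it stays quiet on userinit.exe, which matches its reference. The heuristic is deliberately narrow: it does not catch the zero-byte 41Jq85.dat that the fix also lists, so a clean run is a starting point for review, not a verdict. A hash that matches the ServicePackFiles copy only shows the two files are identical; if the reference itself could have been tampered with, the comparison has to be made against hashes held off the infected machine.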
  7. goleftfast Newcomer, in training

    Rebooted after the scan and only got a blue screen with several error messages.

    1. Generic Host Process for Win32 Services encountered a problem and needs to close.
    2. System Shutdown initiated by NT Authority System, DCom Server Process Launcher terminated unexpectedly.

    It rebooted again, got the Toshiba startup screen and then the blue screen with error msg, Windows Explorer has encountered a problem etc and clicked don't send report and it went away. Nothing else on the screen, just blue background and that's where it is now, at the blue screen with nothing on it.

    What now?


    ========== OTL ==========
    Registry value HKEY_USERS\Owner_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\Administrator.OWNER-830FA6330.000_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\Owner_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control Garmin Communicator Plug-In
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    Registry key HKEY_USERS\Administrator.OWNER-830FA6330.000_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    Registry key HKEY_USERS\Owner_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\Software\Classes\exefile\ not found.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\w03v5ho382r0eu83588ggfx84pax154ve3u7 moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\au28rqra8fv2700kr8366nd3am6oq5t1 moved successfully.
    C:\Documents and Settings\All Users\Application Data\au28rqra8fv2700kr8366nd3am6oq5t1 moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\au28rqra8fv2700kr8366nd3am6oq5t1 moved successfully.
    C:\Documents and Settings\All Users\Application Data\015467y6h152l128c172x1glr3b3 moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Application Data\015467y6h152l128c172x1glr3b3 moved successfully.
    C:\Documents and Settings\All Users\Application Data\41Jq85.dat moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File c:\windows\explorer.exe successfully replaced with c:\windows\ServicePackFiles\i386\explorer.exe
    ========== COMMANDS ==========

    OTLPE by OldTimer - Version 3.1.48.0 log created on 01062012_232513
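The fix log above mixes lines that changed the machine (keys deleted, a value set, directories moved, explorer.exe replaced) with many "not found" lines that changed nothing. As an added example, not part of this thread and not OldTimer's code, here is a small Python parser that sorts OTL fix-log lines into those categories so the actual changes can go into an incident note. The sample lines are copied from this log; the category names and the "changes" set are my own choices, not OTL terminology.

```python
import re

# Constructed sample: lines taken from the OTL fix log in this thread, one of each
# shape the parser recognises. Not a complete log. Raw string, so backslashes are literal.
SAMPLE_LOG = r"""
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
C:\Documents and Settings\All Users\Application Data\au28rqra8fv2700kr8366nd3am6oq5t1 moved successfully.
========== FILES ==========
File c:\windows\explorer.exe successfully replaced with c:\windows\ServicePackFiles\i386\explorer.exe
"""

# One (category, regex) pair per line shape. Order matters: the "Registry key ..."
# patterns must be tried before the generic "<path> not found." pattern.
PATTERNS = [
    ("activex_removal",  re.compile(r"^Starting removal of ActiveX control (?P<target>.+)$")),
    ("registry_deleted", re.compile(r"^Registry key (?P<target>.+?) deleted successfully\.$")),
    ("registry_missing", re.compile(r"^Registry key (?P<target>.+?) not found\.$")),
    ("registry_error",   re.compile(r"^Registry error reading value (?P<target>.+?) ?\.$")),
    # OTL prints "<key>\\|<data> : value set successfully!"; data is kept as OTL wrote it.
    ("value_set",        re.compile(r"^(?P<target>HKEY_.+?)\\\\\|(?P<data>.*?) : value set successfully!$")),
    ("file_replaced",    re.compile(r"^File (?P<target>.+?) successfully replaced with (?P<data>.+)$")),
    ("file_moved",       re.compile(r"^(?P<target>.+?) moved successfully\.$")),
    ("file_missing",     re.compile(r"^(?P<target>.+?) not found\.$")),
]

# Categories that actually altered the system (my grouping, not OTL's).
CHANGES = {"registry_deleted", "value_set", "file_replaced", "file_moved"}


def parse_line(line):
    """Return (category, target, data) for one fix-log line, or None for blank
    lines, section banners and anything the patterns do not recognise."""
    line = line.strip()
    if not line or line.startswith("=========="):
        return None
    for category, rx in PATTERNS:
        m = rx.match(line)
        if m:
            # Strip the trailing backslash OTL leaves on registry keys.
            return category, m.group("target").rstrip("\\"), m.groupdict().get("data")
    return None


def summarize(log_text):
    """Group recognised lines: category -> list of (target, data)."""
    summary = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is not None:
            category, target, data = parsed
            summary.setdefault(category, []).append((target, data))
    return summary


def changes_made(log_text):
    """Only the entries where the fix changed something: the list for the incident note."""
    changed = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is not None and parsed[0] in CHANGES:
            changed.append(parsed)
    return changed


if __name__ == "__main__":
    for category, target, data in changes_made(SAMPLE_LOG):
        print(f"{category:17} {target}" + (f"  ->  {data}" if data else ""))
```

On the sample, the five changes are the two deleted keys (the Distribution Unit for the ActiveX control and the per-user `.exe` class key under HKEY_USERS\.DEFAULT), the `.exe` default value being set back to `exefile`, the moved Application Data directory and the replaced explorer.exe; the "not found" and "error reading value" lines are reported separately because they record no change.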
  8. Broni Malware Annihilator

    Turn the computer off.
    Wait 1 minute.
    Restart again.
    If normal mode doesn't work see if you can boot to safe mode.
  9. goleftfast Newcomer, in training

    Turned off, waited, turned back on, got a Windows Explorer error and then the blue screen. Restarted into safe mode, got the same error message and a black screen with Safe Mode in the corners. Nothing else, no icons, Start button,
  10. Broni Malware Annihilator

    Restart computer
    When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
    You have to use the up/down arrows to choose the Recovery Console. Then press Enter, but you only have 2 seconds by default.
    If you find this hard to do, then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. Click OK, then reboot.

    You should get a black screen with a C:\> prompt. Type with an Enter after each line:

    fixmbr

    fixboot

    exit

    Attempt to start normally.
  11. goleftfast Newcomer, in training

    I do not have the recovery console installed on this laptop.
  12. Broni Malware Annihilator

    According to the latest Combofix log you do.
    Did you try it?
  13. goleftfast Newcomer, in training

    Hey Broni,

    Sorry about the delay, but I just needed a break. After much consideration, I decided to go ahead and do a system recovery with the long-lost CDs. It took just about as long to update and reinstall everything, but it is working properly now.

    Many thanks and I admire your patience with dealing with it.
  14. Broni Malware Annihilator

    Thanks for letting me know :)