System Check virus

Discussion in 'Virus and Malware Removal' started by Allieraptor, Jan 19, 2012.

  1. Broni Malware Annihilator Posts: 39,206   +175

    Restart manually to safe mode and run Combofix from there.
  2. Allieraptor Newcomer, in training Posts: 51

    RKill and ComboFix Logs

    Finally got these to work. Took a lot of restarts but I got there. :)

    *****RKill*****

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 01/19/2012 at 22:27:30.
    Operating System: Microsoft Windows XP

    Processes terminated by Rkill or while it was running:

    Rkill completed on 01/19/2012 at 22:27:32.


    ******COMBOFix*******

    ComboFix 12-01-19.02 - Jazz 01/19/2012 22:47:14.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2501 [GMT -6:00]
    Running from: c:\documents and settings\Jazz\Desktop\Allie_S.exe
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Jazz\Application Data\cacaoweb
    c:\documents and settings\Jazz\Application Data\cacaoweb\errorlog.txt
    c:\documents and settings\Jazz\Application Data\cacaoweb\npdfile.dat
    c:\documents and settings\Jazz\Application Data\cacaoweb\replicating273BBB98ADDE29D3574EF9828142B3E2.cacao
    c:\documents and settings\Jazz\Application Data\cacaoweb\replicating3E67B53EBB618051D615B1FA8A338795.cacao
    c:\documents and settings\Jazz\Application Data\cacaoweb\replicating56738653D658FEFB0AB82C51591D5CE6.cacao
    c:\documents and settings\Jazz\Application Data\cacaoweb\replicating5B75C9B112117FAE00EC6570AAD0CD12.cacao
    c:\documents and settings\Jazz\Application Data\cacaoweb\replicating6C0543416E1581009E7E50F597FF527E.cacao
    c:\documents and settings\Jazz\Application Data\cacaoweb\replicating9A19A98E4D7CC68EB0EBB4EF9193AE2B.cacao
    c:\documents and settings\Jazz\Application Data\cacaoweb\replicating9DD91D706D624A99C2496E0314803B00.cacao
    c:\documents and settings\Jazz\Application Data\cacaoweb\replicating9F0DFE6FEF4875B7DA2990CFDAA720DA.cacao
    c:\documents and settings\Jazz\Application Data\cacaoweb\replicatingA4322D124567FE785C6DA0B3B463708C.cacao
    c:\documents and settings\Jazz\Application Data\cacaoweb\replicatingB5C27FE21AAD3C302DD6785858EE031D.cacao
    c:\documents and settings\Jazz\Application Data\cacaoweb\replicatingCDB08E73C8AC626D378E1A0D27E4FD3D.cacao
    c:\documents and settings\Jazz\Application Data\cacaoweb\replicatingD6C28D8A338D03BBC3DD15575F23A991.cacao
    c:\documents and settings\Jazz\Application Data\cacaoweb\replicatingFFBA904A6626A1213105BB1F59C5E552.cacao
    c:\documents and settings\Jazz\Application Data\cacaoweb\storage.db
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
    c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\searchplugins\bing-zugo.xml
    c:\program files\1701_A.D._Installer.exe
    c:\program files\cacaoweb
    c:\program files\cacaoweb\cacaoweb(2).exe
    c:\program files\cacaoweb\cacaoweb.exe
    c:\program files\StartNow Toolbar
    c:\program files\StartNow Toolbar\ReactivateFF.exe
    c:\program files\StartNow Toolbar\ReactivateIE.exe
    c:\program files\StartNow Toolbar\Resources\images\engine_images.png
    c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
    c:\program files\StartNow Toolbar\Resources\images\engine_news.png
    c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
    c:\program files\StartNow Toolbar\Resources\images\engine_web.png
    c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
    c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
    c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
    c:\program files\StartNow Toolbar\Resources\images\icon_games.png
    c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
    c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
    c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
    c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
    c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
    c:\program files\StartNow Toolbar\Resources\installer.xml
    c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
    c:\program files\StartNow Toolbar\Resources\skin\separator.png
    c:\program files\StartNow Toolbar\Resources\skin\splitter.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
    c:\program files\StartNow Toolbar\Resources\toolbar.xml
    c:\program files\StartNow Toolbar\Resources\update.xml
    c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
    c:\program files\StartNow Toolbar\Toolbar32.dll
    c:\program files\StartNow Toolbar\ToolbarBroker.exe
    c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
    c:\program files\StartNow Toolbar\uninstall.dat
    c:\windows\$NtUninstallKB33193$
    c:\windows\$NtUninstallKB33193$\2290388583
    c:\windows\system32\SET55.tmp
    c:\windows\system32\SET61.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_.mrxsmb
    -------\Legacy_Updater_Service_for_StartNow_Toolbar
    -------\Legacy_Updater_Service_for_StartNow_Toolbar
    -------\Service_Updater Service for StartNow Toolbar
    -------\Service_Updater Service for StartNow Toolbar
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-20 05:46 . 2012-01-20 05:46 -------- d-----w- c:\windows\LastGood
    2012-01-19 09:13 . 2012-01-19 10:31 -------- d-----w- c:\program files\Allie_TR_
    2012-01-19 08:09 . 2012-01-19 08:13 -------- d-----w- c:\program files\Allie_SD_
    2012-01-18 15:02 . 2012-01-18 15:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2012-01-18 15:02 . 2012-01-18 15:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2012-01-09 19:08 . 2012-01-09 19:08 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
    2012-01-09 19:08 . 2012-01-09 19:08 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
    2012-01-09 19:08 . 2012-01-09 19:08 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
    2012-01-09 19:08 . 2012-01-09 19:08 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
    2012-01-02 09:42 . 2012-01-20 05:43 -------- d-----w- c:\program files\Giraffic
    2012-01-02 09:42 . 2012-01-02 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Giraffic
    2012-01-02 09:41 . 2012-01-02 09:41 -------- d-----w- c:\program files\Veoh Networks
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-10 21:24 . 2010-08-03 04:27 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-28 18:01 . 2010-08-16 15:00 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 18:01 . 2010-08-16 15:00 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-28 17:53 . 2011-09-16 10:50 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:53 . 2010-08-16 15:00 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-11-28 17:52 . 2010-08-16 15:00 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-11-28 17:52 . 2010-08-16 15:00 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-11-28 17:52 . 2010-08-16 15:00 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-11-28 17:51 . 2010-08-16 15:00 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-11-28 17:51 . 2010-08-16 15:00 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-11-28 17:48 . 2010-08-16 15:00 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-07-17 05:12 . 2011-07-17 05:12 683792 ----a-w- c:\program files\RealPlayer.exe
    2011-05-31 16:43 . 2011-05-31 16:40 35624744 ----a-w- c:\program files\SafariSetup.exe
    2011-05-31 16:37 . 2011-05-31 16:37 3854848 ----a-w- c:\program files\AdbeRdrUpd944_all_incr.msp
    2011-05-31 16:32 . 2011-05-31 16:31 12795016 ----a-w- c:\program files\AdobeAIRInstaller.exe
    2010-04-27 20:56 . 2010-04-27 20:55 4169301 ----a-w- c:\program files\FileZilla_3.3.2.1_win32-setup.exe
    2010-02-15 18:55 . 2010-02-15 18:55 1146696 ----a-w- c:\program files\wlsetup-custom.exe
    2012-01-09 19:08 . 2011-04-26 19:54 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26194728]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-11-28 4692296]
    "SpybotSD TeaTimer"="c:\program files\Allie_SD_\TeaTimer.exe" [2009-03-05 2260480]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-12 794714]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
    "Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
    "AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]
    "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-07-17 273544]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Malwarebytes' Anti-Malware"="c:\documents and settings\All Users\Desktop\Allie_Mal_New\mbamgui.exe" [2011-12-24 460872]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\Jazz\Start Menu\Programs\Startup\
    Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-5-28 911920]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
    "Google Update"="c:\documents and settings\Jazz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "Adobe Version Cue CS2"=c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
    "EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe"
    "FunctionKeyCtrl"=c:\program files\Function Key Controller\FKC.exe
    "googletalk"=c:\program files\Google\Google Talk\googletalk.exe /autostart
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    "nwiz"=nwiz.exe /install
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "SkyTel"=SkyTel.EXE
    "AGRSMMSG"=AGRSMMSG.exe
    "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Aspyr\\1701 A.D\\1701.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Giraffic\\Veoh_Giraffic.exe"=
    "c:\\Program Files\\Giraffic\\Veoh_GirafficWatchdog.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/16/2011 4:50 AM 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/16/2010 9:00 AM 314456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/16/2010 9:00 AM 20568]
    R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\Giraffic\Veoh_GirafficWatchdog.exe --service --> c:\program files\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
    R2 MBAMService;MBAMService;c:\documents and settings\All Users\Desktop\Allie_Mal_New\mbamservice.exe [1/18/2012 9:09 PM 652872]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [7/6/2010 12:55 PM 1051968]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/2/2010 10:27 PM 20464]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2/24/2010 1:41 PM 10064]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [5/28/2010 5:04 AM 14896]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2012-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1783131627-3882024231-2920578519-1004Core.job
    - c:\documents and settings\Jazz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-07 16:28]
    .
    2012-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1783131627-3882024231-2920578519-1004UA.job
    - c:\documents and settings\Jazz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-07 16:28]
    .
    2012-01-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1783131627-3882024231-2920578519-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
    .
    2012-01-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1783131627-3882024231-2920578519-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    FF - ProfilePath - c:\documents and settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z164&form=ZGAADF&install_date=20120102&q=
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{6E13D095-45C3-4271-9475-F3B48227DD9F} - (no file)
    Toolbar-Locked - (no file)
    HKCU-Run-cacaoweb - c:\program files\cacaoweb\cacaoweb.exe
    HKLM-Run-gfUomFNvRQL.exe - c:\documents and settings\All Users\Application Data\gfUomFNvRQL.exe
    AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-19 23:43
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1783131627-3882024231-2920578519-1004\Software\SecuROM\License information*]
    "datasecu"=hex:3f,ef,d0,29,9c,6d,2b,ec,56,6a,1d,fe,a1,d0,c2,b6,0d,e3,53,6b,05,
    09,0f,bb,4d,ac,68,21,9c,93,4c,16,23,2b,32,51,53,33,36,63,31,dd,0a,fe,63,a2,\
    "rkeysecu"=hex:83,3d,7c,aa,d0,02,6e,4e,b2,2a,cb,01,84,36,58,7c
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3404)
    c:\windows\system32\WININET.dll
    c:\program files\Windows Media Player\wmpband.dll
    c:\program files\iTunes\iTunesMiniPlayer.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Giraffic\Veoh_GirafficWatchdog.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Giraffic\Veoh_Giraffic.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    c:\windows\AGRSMMSG.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\RUNDLL32.EXE
    c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-20 00:00:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-20 05:59
    .
    Pre-Run: 28,135,489,536 bytes free
    Post-Run: 28,932,210,688 bytes free
    .
    - - End Of File - - 3B626B19F3B9ADAA7A335CAAD97E0BCC
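The log above is where the security content of this thread sits: a rogue autorun (`gfUomFNvRQL.exe` launched from the root of All Users\Application Data), an adware loader (cacaoweb) and a toolbar service. The following script is an added example, not part of the thread or of ComboFix, that parses the "Reg Loading Points" and "ORPHANS REMOVED" sections of a ComboFix log and flags autorun images by where they live: the root of an Application Data folder (the classic rogue-AV drop location), anywhere under a user profile, or a bare file name resolved through the search path. The rule names, severities and the `SAMPLE_LOG` input (assembled from lines of the posted log) are the example's own assumptions.

```python
"""Triage of ComboFix autorun sections ('Reg Loading Points', 'ORPHANS REMOVED').

Added example, not a ComboFix component.  Flags autorun entries whose image
sits at the root of an Application Data folder, under a user profile, or is
a bare file name resolved via the search path.  Entries in the orphan section
are reported as informational (their target was already gone when the scan ran).
"""
import re
from typing import List, NamedTuple

# Constructed test input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26194728]
"SpybotSD TeaTimer"="c:\program files\Allie_SD_\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]
"Malwarebytes' Anti-Malware"="c:\documents and settings\All Users\Desktop\Allie_Mal_New\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-cacaoweb - c:\program files\cacaoweb\cacaoweb.exe
HKLM-Run-gfUomFNvRQL.exe - c:\documents and settings\All Users\Application Data\gfUomFNvRQL.exe
"""


class Entry(NamedTuple):
    key: str    # registry key the value was read from
    name: str   # value name
    image: str  # executable path with quotes, arguments and '[date size]' removed


class Finding(NamedTuple):
    key: str
    name: str
    image: str
    rule: str      # heuristic that fired (names are this example's own)
    severity: str  # "high", "medium" or "info"


KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
ORPHAN_RE = re.compile(r"^(HK(?:LM|CU))-Run-(.+?) - (.+)$")


def _image_from_value(rest: str) -> str:
    """Drop ComboFix's trailing '[date size]', surrounding quotes and arguments."""
    rest = rest.split(" [", 1)[0].strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    return rest.split(" ", 1)[0]


def parse_entries(log: str) -> List[Entry]:
    """Walk the log, tracking the current registry key; orphans get a synthetic key."""
    entries: List[Entry] = []
    key = None
    in_orphans = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if "ORPHANS REMOVED" in line:
            in_orphans = True
            continue
        if in_orphans:
            m = ORPHAN_RE.match(line)
            if m:
                entries.append(Entry(f"{m.group(1)}\\Run (orphan)", m.group(2), m.group(3)))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append(Entry(key, m.group(1), _image_from_value(m.group(2))))
    return entries


def classify(entry: Entry) -> List[Finding]:
    """Location-based rules; they pick out candidates for review, not verdicts."""
    image = entry.image.lower()
    findings: List[Finding] = []
    if "\\" not in image:
        # Bare name: which binary actually runs depends on the search path.
        findings.append(Finding(*entry, "unqualified_image", "medium"))
    else:
        parent = image.rsplit("\\", 1)[0]
        if parent.endswith("\\application data"):
            # Executable dropped directly into (All Users\)Application Data.
            findings.append(Finding(*entry, "appdata_root", "high"))
        elif "\\documents and settings\\" in image or "\\temp\\" in image:
            findings.append(Finding(*entry, "user_writable", "medium"))
    if "(orphan)" in entry.key:
        findings.append(Finding(*entry, "orphan_autorun", "info"))
    return findings


def triage(log: str) -> List[Finding]:
    out: List[Finding] = []
    for entry in parse_entries(log):
        out.extend(classify(entry))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:18} {f.key}: {f.name} -> {f.image}")
```

Run against the sample, the only high-severity hit is `gfUomFNvRQL.exe`; the Malwarebytes entry is flagged medium because the helper had the user run a renamed copy from the Desktop, which is exactly the kind of hit a reviewer confirms and dismisses by hand. Path rules alone miss adware that installs under Program Files (cacaoweb here), so the orphan section and the "Other Deletions" list still need to be read in full.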
  3. Broni Malware Annihilator Posts: 39,206   +175

    Looks good now.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
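    The custom scan box above is not an arbitrary list: every file line points OTL at a place where malware on XP hides (executables in Fonts, .jpg files in system32, look-alike folders such as system32\system32 and winn32, payloads dropped under pchealth) and the last two lines read the policy key under which Automatic Updates can be switched off. The script below, an added example written for this page rather than OTL's code or anything posted in the thread, reproduces what a handful of those file directives ask for against a constructed directory tree. Two assumptions are made about OTL's syntax: /s means "search subdirectories", and the other switches (/x, /mp, /rs), the keyword lines (netsvcs, drivers32, CREATERESTOREPOINT, /md5start) and the registry keys are simply skipped. Two Windows matching rules the list silently depends on are reproduced: %VAR% names resolve case-insensitively (the list mixes %systemroot%, %SystemRoot% and %SYSTEMROOT%) and file names match case-insensitively, with *.* meaning "every file".

```python
"""
Reproduce OTL custom-scan file directives against a directory tree.
Added example; not OTL's code.  Only "path-with-wildcard [/s]" lines are
handled; /s is assumed to mean "search subdirectories".
"""
import fnmatch
import re
import tempfile
from pathlib import Path, PureWindowsPath
from typing import Dict, Iterable, List, Optional, Tuple

# Subset of the lines from the custom scan box above, as typed there.
DIRECTIVES = [
    "%systemroot%\\Fonts\\*.exe",
    "%systemroot%\\system32\\*.jpg",
    "%systemroot%\\system32\\system32\\*.*",
    "%systemroot%\\winn32\\*.*",
    "%SYSTEMROOT%\\Installer\\*.exe",
    "%systemroot%\\pchealth\\helpctr\\System\\*.exe /s",
    "netsvcs",
    "CREATERESTOREPOINT",
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU",
]

ENV_RE = re.compile(r"%([^%]+)%")


def expand_env(text: str, env: Dict[str, str]) -> str:
    """Expand %VAR% case-insensitively, as Windows does; unknown names stay as-is."""
    lookup = {k.lower(): v for k, v in env.items()}
    return ENV_RE.sub(lambda m: lookup.get(m.group(1).lower(), m.group(0)), text)


def parse_directive(directive: str) -> Optional[Tuple[str, bool]]:
    """Return (windows_pattern, recursive) for a file directive, None for anything else."""
    d = directive.strip()
    if not d.startswith("%"):            # keywords, /md5start, registry keys: not file scans
        return None
    pattern, *switches = d.split(" /")   # split on ' /' so paths containing spaces survive
    return pattern, "s" in switches      # assumption: /s == search subdirectories


def to_local(win_path: str, root: Path) -> Path:
    """Map 'C:\\WINDOWS\\Fonts\\*.exe' onto root/WINDOWS/Fonts/*.exe; root stands in for C:\\."""
    win = PureWindowsPath(win_path)
    return root.joinpath(*(win.parts[1:] if win.anchor else win.parts))


def evaluate(directives: Iterable[str], env: Dict[str, str], root: Path) -> Dict[str, List[str]]:
    """Run each file directive against the tree under root; keys are the directives that hit."""
    hits: Dict[str, List[str]] = {}
    for d in directives:
        parsed = parse_directive(d)
        if parsed is None:
            continue
        pattern, recursive = parsed
        local = to_local(expand_env(pattern, env), root)
        # Windows: names match case-insensitively and *.* also matches names without a dot.
        base, mask = local.parent, local.name.lower().replace("*.*", "*")
        if not base.is_dir():
            continue
        candidates = base.rglob("*") if recursive else base.iterdir()
        found = sorted(p.relative_to(root).as_posix() for p in candidates
                       if p.is_file() and fnmatch.fnmatchcase(p.name.lower(), mask))
        if found:
            hits[d] = found
    return hits


def build_sample_tree(root: Path) -> None:
    """Constructed sample: a fake C:\\ with a few planted files (not from the thread)."""
    for rel in [
        "WINDOWS/Fonts/arial.ttf",                    # a font, must not match *.exe
        "WINDOWS/Fonts/svchost.exe",                  # executable hiding among fonts
        "WINDOWS/system32/kernel32.dll",
        "WINDOWS/system32/update.JPG",                # payload dressed as an image, odd case
        "WINDOWS/system32/system32/loader.dat",       # look-alike nested system folder
        "WINDOWS/winn32/x.dll",                       # typo-squatted system folder
        "WINDOWS/Installer/setup.msi",                # no .exe here, directive yields nothing
        "WINDOWS/pchealth/helpctr/System/top.exe",
        "WINDOWS/pchealth/helpctr/System/sub/run.exe",  # only reachable with /s
    ]:
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"")


def demo() -> Dict[str, List[str]]:
    """Build the sample tree in a temp dir and evaluate DIRECTIVES against it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        env = {"SystemRoot": "C:\\WINDOWS", "ProgramFiles": "C:\\Program Files"}
        return evaluate(DIRECTIVES, env, root)


if __name__ == "__main__":
    for directive, files in demo().items():
        print(directive)
        for f in files:
            print("    ", f)
```

    Run stand-alone it prints, per directive, the planted files it catches; the Installer line hits nothing because the sample tree has no .exe there, and the pchealth line shows why /s matters (without it only the top-level run.exe-style file would be seen).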
  4. Allieraptor Newcomer, in training Posts: 51

    OTL logs

    So far so good, I think. lol After I ran the ComboFix I got my Windows Update notifications back, so that's moving in the right direction. :) My avast has stopped loading on startup though, not sure why that is.

    *****OTL.txt******

    OTL logfile created on: 1/20/2012 12:10:49 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jazz\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 72.04% Memory free
    4.84 Gb Paging File | 4.21 Gb Available in Paging File | 87.06% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 26.98 Gb Free Space | 24.14% Space Free | Partition Type: NTFS

    Computer Name: AREA51 | User Name: Jazz | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/20 00:09:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jazz\Desktop\OTL.exe
    PRC - [2012/01/10 10:37:22 | 002,223,248 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
    PRC - [2012/01/10 10:37:04 | 003,730,048 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_Giraffic.exe
    PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\All Users\Desktop\Allie_Mal_New\mbamservice.exe
    PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/11/28 06:36:30 | 004,692,296 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    PRC - [2011/07/16 23:15:57 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2010/07/06 12:57:00 | 000,720,704 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    PRC - [2010/07/06 12:55:16 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/12/05 10:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2005/11/28 09:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    PRC - [2005/11/28 09:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    PRC - [2005/04/04 16:58:30 | 003,502,080 | ---- | M] () -- c:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    PRC - [2005/04/04 16:58:30 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    PRC - [2005/04/04 16:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/18 11:47:33 | 001,679,360 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12011801\algo.dll
    MOD - [2011/10/04 11:22:03 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/06/21 07:48:28 | 000,910,336 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
    MOD - [2011/06/20 07:37:16 | 010,836,992 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
    MOD - [2011/06/20 05:52:20 | 001,283,584 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtScript4.dll
    MOD - [2011/06/20 05:32:40 | 000,266,752 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\phonon4.dll
    MOD - [2011/06/20 05:21:50 | 007,994,880 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtGui4.dll
    MOD - [2011/06/20 05:04:56 | 002,233,344 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtCore4.dll
    MOD - [2011/05/26 03:38:06 | 000,120,320 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
    MOD - [2011/05/26 03:38:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
    MOD - [2011/03/27 14:11:04 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
    MOD - [2005/11/28 09:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
    MOD - [2005/11/28 09:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
    MOD - [2005/11/28 09:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
    MOD - [2005/11/03 09:37:58 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
    MOD - [2005/04/04 16:58:36 | 001,019,904 | ---- | M] () -- c:\Program Files\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll
    MOD - [2005/04/04 16:58:36 | 000,434,255 | ---- | M] () -- c:\Program Files\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll
    MOD - [2005/04/04 16:58:34 | 000,057,453 | ---- | M] () -- c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll
    MOD - [2005/04/04 16:58:34 | 000,053,364 | ---- | M] () -- c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll
    MOD - [2005/04/04 16:58:32 | 000,057,455 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\net.dll
    MOD - [2005/04/04 16:58:30 | 003,502,080 | ---- | M] () -- c:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    MOD - [2005/04/04 16:58:30 | 000,102,515 | ---- | M] () -- c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\java.dll
    MOD - [2005/04/04 16:58:28 | 000,032,880 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll
    MOD - [2005/04/04 16:58:24 | 000,028,791 | ---- | M] () -- c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/01/10 10:37:22 | 002,223,248 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
    SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Documents and Settings\All Users\Desktop\Allie_Mal_New\mbamservice.exe -- (MBAMService)
    SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/08/05 12:22:00 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2010/07/06 12:55:16 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2010/07/06 12:52:04 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/10/20 08:18:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2005/04/04 16:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/11/28 11:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/11/28 11:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/05/28 05:04:52 | 000,014,896 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/02/24 13:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2008/04/14 06:00:00 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
    DRV - [2008/04/14 06:00:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
    DRV - [2007/04/03 13:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
    DRV - [2007/04/03 13:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
    DRV - [2007/01/30 16:57:50 | 004,474,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/01/23 09:38:08 | 000,808,752 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D)
    DRV - [2006/11/28 12:50:16 | 000,863,402 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2006/11/28 12:48:10 | 000,047,907 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
    DRV - [2006/11/02 14:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
    DRV - [2006/10/15 12:02:18 | 000,329,901 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2006/10/15 12:01:54 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2006/10/15 11:59:32 | 000,067,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2006/10/09 20:00:24 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2006/06/29 14:13:00 | 001,160,320 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/06/20 09:55:00 | 000,244,864 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2005/12/22 18:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2005/12/04 22:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2005/11/28 10:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2005/11/16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2002/11/20 17:45:50 | 000,002,218 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com


    IE - HKU\S-1-5-21-1783131627-3882024231-2920578519-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z164&ocid=zdhp&install_date=20120102
    IE - HKU\S-1-5-21-1783131627-3882024231-2920578519-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1783131627-3882024231-2920578519-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-type: "${8}"
    FF - prefs.js..browser.startup.homepage: "http://www.foxnews.com/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.4.6
    FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
    FF - prefs.js..extensions.enabledItems: {6214E6CA-C5A0-4C1D-A190-F447322F9BC6}:1.9.1
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
    FF - prefs.js..extensions.enabledItems: cacaoweb@cacaoweb.org:1.0.11
    FF - prefs.js..extensions.enabledItems: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}:5.1.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z164&form=ZGAADF&install_date=20120102&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jazz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jazz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6214E6CA-C5A0-4C1D-A190-F447322F9BC6}: C:\Documents and Settings\Jazz\Local Settings\Application Data\{6214E6CA-C5A0-4C1D-A190-F447322F9BC6}\ [2010/07/04 19:07:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{526B7554-0CFB-4983-9CAD-82538D736BB9}: C:\Documents and Settings\Jazz\Local Settings\Application Data\{526B7554-0CFB-4983-9CAD-82538D736BB9}\ [2010/07/31 08:17:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{63DD3FFB-514E-462F-A331-3B352153D176}: C:\Documents and Settings\Jazz\Local Settings\Application Data\{63DD3FFB-514E-462F-A331-3B352153D176}\ [2010/08/01 06:48:51 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BE9DE3B8-8E4C-4AAA-8931-7BDF3632EFB9}: C:\Documents and Settings\Jazz\Local Settings\Application Data\{BE9DE3B8-8E4C-4AAA-8931-7BDF3632EFB9}\ [2010/08/01 07:42:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B1AA2FF7-9359-493C-A35C-5D3FBD8BF4AE}: C:\Documents and Settings\Jazz\Local Settings\Application Data\{B1AA2FF7-9359-493C-A35C-5D3FBD8BF4AE}\ [2010/08/01 15:08:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{748600D6-6EB7-4038-8973-B8424931BBD0}: C:\Documents and Settings\Jazz\Local Settings\Application Data\{748600D6-6EB7-4038-8973-B8424931BBD0}\ [2010/08/01 17:26:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A35649D1-D308-49BF-BDAA-CDFA50DBE679}: C:\Documents and Settings\Jazz\Local Settings\Application Data\{A35649D1-D308-49BF-BDAA-CDFA50DBE679}\ [2010/08/01 17:35:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ADBA7A5-D2F2-468E-B90A-D01C49A409C6}: C:\Documents and Settings\Jazz\Local Settings\Application Data\{4ADBA7A5-D2F2-468E-B90A-D01C49A409C6}\ [2010/08/01 18:34:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/16 23:16:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/09 13:08:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/25 15:53:16 | 000,000,000 | ---D | M]

    [2010/03/14 13:12:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Extensions
    [2010/03/14 13:12:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2012/01/11 09:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions
    [2012/01/09 13:08:55 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2010/11/17 22:17:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/12/17 11:01:03 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
    [2011/12/13 14:13:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/01/11 09:29:52 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2011/12/24 21:00:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/03/02 22:21:14 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    [2011/11/12 23:13:25 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2011/12/01 01:13:03 | 000,000,000 | ---D | M] (Diigo Toolbar) -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
    [2011/03/02 22:21:13 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\cacaoweb@cacaoweb.org
    [2009/10/26 11:53:24 | 000,000,000 | ---D | M] (SeoQuake Plugin - Ask.com) -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\seoquake-plugin-ask@seoquake.com
    [2009/10/26 11:53:24 | 000,000,000 | ---D | M] (SeoQuake Plugin - Baidu.com) -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\seoquake-plugin-baidu@seoquake.com
    [2009/10/26 11:53:25 | 000,000,000 | ---D | M] (SeoQuake Plugin - Del.icio.us) -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\seoquake-plugin-delicious@seoquake.com
    [2009/10/26 11:53:25 | 000,000,000 | ---D | M] (SeoQuake Plugin - Rambler.ru) -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\seoquake-plugin-rambler@seoquake.com
    [2009/10/26 11:53:26 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\seoquake-plugin-seolinx@seoquake.com
    [2009/10/26 11:53:26 | 000,000,000 | ---D | M] (SeoQuake Plugin - Technorati.com) -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\seoquake-plugin-technorati@seoquake.com
    [2010/11/17 22:17:19 | 000,000,000 | ---D | M] (SeoQuake Plugin - Yandex.ru) -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\extensions\seoquake-plugin-yandex@seoquake.com
    [2012/01/14 01:54:08 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Jazz\Application Data\Mozilla\Firefox\Profiles\zl0y5z5c.default\searchplugins\diigo--google.xml
    [2011/11/23 08:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\JAZZ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZL0Y5Z5C.DEFAULT\EXTENSIONS\{B97F57B9-1B42-4AED-9475-0022600C62DC}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\JAZZ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZL0Y5Z5C.DEFAULT\EXTENSIONS\FRIENDLYGAMINGSIMPLIFIER@FLIES.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\JAZZ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZL0Y5Z5C.DEFAULT\EXTENSIONS\SEO4FIREFOX@SEOBOOK.COM.XPI
    [2012/01/09 13:08:45 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/09/25 15:32:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/01/09 13:08:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/09/30 13:48:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
    [2012/01/09 13:08:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
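    Reading an OTL log like the one above by hand comes down to a few first checks: a service or driver marked Running with no file on disk, executables started from profile folders (Desktop, Application Data, Temp), images with no company name, drivers belonging to remote-control software, an overridden address-bar search, and extensions registered machine-wide under HKLM that point into one user's Local Settings. The script below is an added example written for this page, not OTL's code and not anything either poster submitted; it applies those checks to a handful of lines copied verbatim from the log above. Every flag means "look here", not "malware": catchme is the rootkit-scanning driver ComboFix loads and is expected right after a ComboFix run, and mbamservice.exe shows up under Desktop only because Malwarebytes was run from a folder there.

```python
"""
First-pass triage of OTL log lines.  Added example; not OTL's code.
Parses PRC/SRV/DRV entries and Firefox (FF) items and returns Findings.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: lines copied verbatim from the OTL log in this thread.
SAMPLE_LOG = r"""
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\All Users\Desktop\Allie_Mal_New\mbamservice.exe
PRC - [2005/04/04 16:58:30 | 003,502,080 | ---- | M] () -- c:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2002/11/20 17:45:50 | 000,002,218 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
FF - prefs.js..browser.startup.homepage: "http://www.foxnews.com/"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z164&form=ZGAADF&install_date=20120102&q="
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6214E6CA-C5A0-4C1D-A190-F447322F9BC6}: C:\Documents and Settings\Jazz\Local Settings\Application Data\{6214E6CA-C5A0-4C1D-A190-F447322F9BC6}\ [2010/07/04 19:07:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/16 23:16:15 | 000,000,000 | ---D | M]
"""

# PRC/SRV/DRV/MOD entry: [date | size | attrs | M] (company) [flags] -- path -- (name)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - \[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| [^|]+ \| M\] "
    r"\((?P<company>[^)]*)\) (?:\[(?P<flags>[^\]]+)\] )?-- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)
# Registered service/driver whose image is not on disk.
MISSING_RE = re.compile(r"^(?P<kind>SRV|DRV) - File not found \[(?P<flags>[^\]]+)\] -- -- \((?P<name>[^)]*)\)$")
PREF_RE = re.compile(r"^FF - prefs\.js\.\.(?P<pref>\S+): (?P<value>.+)$")
HKLM_EXT_RE = re.compile(
    r"^FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\extensions\\\\(?P<ext_id>[^:]+): (?P<path>.+?) \["
)

PROFILE_MARKERS = ("\\desktop\\", "\\application data\\", "\\local settings\\", "\\temp\\")
REMOTE_CONTROL = ("vnc",)  # extend with the remote-access tools you track


@dataclass(frozen=True)
class Finding:
    line: int     # 1-based line number within the log text
    item: str     # service/driver name, file name, pref name or extension id
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per heuristic hit; an item can appear more than once."""
    findings: List[Finding] = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = MISSING_RE.match(line)
        if m:
            # Running with no file: a leftover (catchme is ComboFix's own driver)
            # or a rootkit hiding its image.  Decide which; do not guess.
            if "Running" in m["flags"]:
                findings.append(Finding(n, m["name"], f"running {m['kind']} whose image file is missing"))
            continue
        m = ENTRY_RE.match(line)
        if m:
            kind, company, path = m["kind"], m["company"], m["path"]
            name = m["name"] or path.rsplit("\\", 1)[-1]
            low = path.lower()
            if kind in ("PRC", "SRV") and any(mk in low for mk in PROFILE_MARKERS):
                findings.append(Finding(n, name, f"{kind} runs from a user-writable profile path"))
            # MOD lines are skipped here: OTL already lists them under "No Company Name".
            if kind in ("PRC", "SRV", "DRV") and not company:
                findings.append(Finding(n, name, f"{kind} image carries no company name"))
            if kind == "DRV" and any(tok in name.lower() for tok in REMOTE_CONTROL):
                findings.append(Finding(n, name, "driver belongs to a remote-control tool; confirm it is expected"))
            continue
        m = PREF_RE.match(line)
        if m:
            if m["pref"] == "keyword.URL":   # address-bar searches go wherever this points
                why = "address-bar search overridden"
                if "install_date=" in m["value"]:
                    why += "; URL carries partner/install tracking parameters"
                findings.append(Finding(n, m["pref"], why))
            continue
        m = HKLM_EXT_RE.match(line)
        if m and "\\local settings\\application data\\{" in m["path"].lower():
            findings.append(Finding(n, m["ext_id"],
                                    "HKLM extension registration points into one user's Local Settings GUID folder"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line:>3}  {f.item:<42} {f.reason}")
```

    Feed it a whole OTL.txt instead of SAMPLE_LOG and the output is the short list a helper actually reads first; the avast service and the RealPlayer extension in the sample pass every check, which is the point of keeping the heuristics narrow.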
  5. Allieraptor Newcomer, in training Posts: 51

    OTL txt cont.

    ========== Chrome ==========

    CHR - default_search_provider: Bing (Enabled)
    CHR - default_search_provider: search_url = http://www.bing.com/search?q={searchTerms}&pc=Z164&form=ZGACDF&install_date=20120102
    CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query=%s
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Jazz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Jazz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Jazz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jazz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Friendly Gaming Simplifier = C:\Documents and Settings\Jazz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ahcaniaehcjkignnobkmdgacafghkplh\1.1.0.60_0\
    CHR - Extension: Go to IMDb = C:\Documents and Settings\Jazz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fipkcplmpmhcmfgkgahliaabodplkjio\1.2.3_0\
    CHR - Extension: FlashBlock = C:\Documents and Settings\Jazz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Jazz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

    O1 HOSTS File: ([2012/01/19 23:43:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Allie_SD_\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-1783131627-3882024231-2920578519-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Version Cue CS2] c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Documents and Settings\All Users\Desktop\Allie_Mal_New\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-1783131627-3882024231-2920578519-1004..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-1783131627-3882024231-2920578519-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Allie_SD_\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1783131627-3882024231-2920578519-1004..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
    O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Jazz\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1783131627-3882024231-2920578519-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1783131627-3882024231-2920578519-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1783131627-3882024231-2920578519-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1783131627-3882024231-2920578519-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Allie_SD_\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281035079250 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280813220468 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B528CC0-9545-4D89-9610-99D24B03244B}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Jazz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jazz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/05/08 15:19:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\.DEFAULT\...exe [@ = mdaw] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qkm.exe" -a "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = mdaw] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qkm.exe" -a "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
    Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/20 00:09:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jazz\Desktop\OTL.exe
    [2012/01/19 23:46:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2012/01/19 22:32:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/01/19 22:32:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/01/19 22:32:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/01/19 22:32:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/01/19 22:29:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/19 21:31:29 | 004,388,721 | R--- | C] (Swearware) -- C:\Documents and Settings\Jazz\Desktop\Allie_S.exe
    [2012/01/19 20:05:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jazz\Start Menu\Programs\Administrative Tools
    [2012/01/19 05:12:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2012/01/19 03:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Allie_TR
    [2012/01/19 03:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Allie_TR_
    [2012/01/19 02:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Allie_SD_
    [2012/01/19 02:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Allie_SD_
    [2012/01/18 21:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Allie_Mal_New
    [2012/01/18 03:07:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jazz\Recent
    [2012/01/02 03:42:04 | 000,000,000 | ---D | C] -- C:\Program Files\Giraffic
    [2012/01/02 03:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Giraffic
    [2012/01/02 03:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jazz\Start Menu\Programs\Veoh Networks, Inc
    [2012/01/02 03:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
    [2011/07/16 23:12:56 | 000,683,792 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
    [2011/05/31 10:40:26 | 035,624,744 | ---- | C] (Apple Inc.) -- C:\Program Files\SafariSetup.exe
    [2011/05/31 10:31:39 | 012,795,016 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\AdobeAIRInstaller.exe
    [2010/02/15 12:55:05 | 001,146,696 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-custom.exe
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/20 00:10:20 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1783131627-3882024231-2920578519-1004.job
    [2012/01/20 00:10:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1783131627-3882024231-2920578519-1004.job
    [2012/01/20 00:09:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jazz\Desktop\OTL.exe
    [2012/01/20 00:03:04 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1783131627-3882024231-2920578519-1004UA.job
    [2012/01/19 23:43:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/01/19 23:41:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/01/19 23:41:43 | 3220,557,824 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/19 22:07:19 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Jazz\Desktop\rkill.exe
    [2012/01/19 21:31:19 | 004,388,721 | R--- | M] (Swearware) -- C:\Documents and Settings\Jazz\Desktop\Allie_S.exe
    [2012/01/19 18:03:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/01/19 15:03:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1783131627-3882024231-2920578519-1004Core.job
    [2012/01/19 03:15:17 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Loaris Trojan Remover.lnk
    [2012/01/19 02:09:58 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Jazz\Desktop\Spybot - Search & Destroy.lnk
    [2012/01/18 21:10:16 | 000,000,597 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/18 19:21:02 | 000,009,348 | ---- | M] () -- C:\Documents and Settings\Jazz\Application Data\685d9ca7
    [2012/01/18 19:21:02 | 000,009,273 | ---- | M] () -- C:\Documents and Settings\Jazz\Local Settings\Application Data\c07eade0
    [2012/01/18 15:31:18 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Jazz\Desktop\Windows Explorer.lnk
    [2012/01/18 10:19:05 | 000,012,694 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/01/18 08:19:50 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/01/18 02:30:32 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2012/01/16 13:42:24 | 005,183,033 | ---- | M] () -- C:\Documents and Settings\Jazz\My Documents\bluebook.pdf
    [2012/01/02 03:42:02 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\Jazz\Desktop\Veoh Web Player.lnk
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/19 22:44:10 | 3220,557,824 | -HS- | C] () -- C:\hiberfil.sys
    [2012/01/19 22:32:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/01/19 22:32:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/01/19 22:32:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/01/19 22:32:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/01/19 22:32:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/01/19 22:07:25 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Jazz\Desktop\rkill.exe
    [2012/01/19 03:13:20 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Loaris Trojan Remover.lnk
    [2012/01/18 21:10:16 | 000,000,597 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/18 10:04:38 | 000,009,348 | ---- | C] () -- C:\Documents and Settings\Jazz\Application Data\685d9ca7
    [2012/01/18 10:04:38 | 000,009,273 | ---- | C] () -- C:\Documents and Settings\Jazz\Local Settings\Application Data\c07eade0
    [2012/01/18 08:45:10 | 000,009,277 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\94923091
    [2012/01/18 08:45:10 | 000,009,253 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4ad316c9
    [2012/01/16 13:42:24 | 005,183,033 | ---- | C] () -- C:\Documents and Settings\Jazz\My Documents\bluebook.pdf
    [2012/01/02 03:42:02 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\Jazz\Desktop\Veoh Web Player.lnk
    [2011/05/31 10:37:47 | 003,854,848 | ---- | C] () -- C:\Program Files\AdbeRdrUpd944_all_incr.msp
    [2010/08/20 07:50:06 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2010/08/20 07:50:02 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2010/08/20 07:50:02 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2010/08/20 07:48:51 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2010/08/15 15:59:10 | 000,046,456 | R--- | C] () -- C:\WINDOWS\System32\exitwx.exe
    [2010/07/04 19:07:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Vquyisub.dat
    [2010/07/04 19:07:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ntavipusovom.bin
    [2010/07/04 19:05:23 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/04/27 14:55:55 | 004,169,301 | ---- | C] () -- C:\Program Files\FileZilla_3.3.2.1_win32-setup.exe
    [2009/11/12 16:15:53 | 000,073,152 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\xOGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\xOGAEXEC.exe
    [2009/03/30 14:27:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/03/02 12:08:05 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Jazz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/01 14:24:30 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
    [2008/12/01 14:24:01 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
    [2008/11/11 17:39:01 | 000,001,788 | ---- | C] () -- C:\WINDOWS\checkip.dat
    [2008/10/20 11:35:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/10/20 10:54:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/10/20 08:56:03 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/10/20 08:00:52 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
    [2008/09/26 21:12:26 | 000,016,384 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
    [2008/09/22 12:54:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/09/22 12:03:44 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini
    [2008/04/14 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2008/04/14 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/14 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/14 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/14 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/14 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/14 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/14 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2008/04/14 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2007/05/08 17:15:16 | 000,000,008 | R--- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
    [2007/05/08 17:15:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2007/05/08 15:48:26 | 000,002,340 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2007/05/08 15:21:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2007/05/08 15:16:39 | 000,022,832 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2007/05/08 08:08:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/05/08 08:07:29 | 000,309,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/12/11 17:19:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2004/08/04 06:00:00 | 000,437,710 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 06:00:00 | 000,069,846 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== LOP Check ==========

    [2010/08/16 09:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/12/29 18:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2012/01/02 03:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Giraffic
    [2008/12/01 14:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
    [2010/01/22 23:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2010/08/05 12:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2008/12/01 14:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xara
    [2010/04/22 09:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/11/12 14:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/08/05 12:17:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    [2010/03/17 10:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jazz\Application Data\Artisteer
    [2012/01/09 01:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jazz\Application Data\FileZilla
    [2008/11/12 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jazz\Application Data\IBP
    [2010/08/05 10:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jazz\Application Data\LimeWire
    [2008/12/01 14:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jazz\Application Data\MAGIX
    [2010/06/11 09:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jazz\Application Data\Opera
    [2011/12/21 23:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jazz\Application Data\Tropico 3
    [2010/08/05 12:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jazz\Application Data\TuneUp Software
    [2009/04/15 08:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jazz\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/05/08 15:19:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/09/26 20:37:35 | 000,000,211 | -HS- | M] () -- C:\Boot.bak
    [2010/08/19 19:00:23 | 000,000,282 | -HS- | M] () -- C:\boot.ini
    [2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2012/01/20 00:00:05 | 000,029,125 | ---- | M] () -- C:\ComboFix.txt
    [2007/05/08 15:19:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2012/01/19 23:41:43 | 3220,557,824 | -HS- | M] () -- C:\hiberfil.sys
    [2007/05/08 15:19:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/05/08 15:19:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/14 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 06:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/01/19 23:41:41 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2012/01/19 22:27:32 | 000,000,359 | ---- | M] () -- C:\rkill.log
    [2011/12/08 04:38:32 | 000,000,711 | ---- | M] () -- C:\Settings.ini
    [2010/08/05 12:57:46 | 000,042,964 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_05.08.2010_13.54.29_log.txt
  6. Allieraptor Newcomer, in training Posts: 51

    OTL txt cont.

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/08/19 19:04:34 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >
    [2003/08/06 14:08:19 | 000,081,676 | ---- | M] () -- C:\WINDOWS\alienware logo_slvr.jpg
    [2003/08/06 14:08:19 | 000,081,676 | ---- | M] () -- C:\WINDOWS\alienware_logo_slvr.jpg
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >
    [2007/08/14 07:51:03 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Alienware games download store.url

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2011/05/31 10:37:32 | 003,854,848 | ---- | M] () -- C:\Program Files\AdbeRdrUpd944_all_incr.msp
    [2011/05/31 10:32:19 | 012,795,016 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\AdobeAIRInstaller.exe
    [2010/04/27 14:56:25 | 004,169,301 | ---- | M] () -- C:\Program Files\FileZilla_3.3.2.1_win32-setup.exe
    [2011/07/16 23:12:40 | 000,683,792 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
    [2011/05/31 10:43:57 | 035,624,744 | ---- | M] (Apple Inc.) -- C:\Program Files\SafariSetup.exe
    [2010/02/15 12:55:06 | 001,146,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\wlsetup-custom.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/08/19 13:37:40 | 004,718,592 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2010/08/19 18:25:07 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
    [2010/08/19 13:37:40 | 040,894,464 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2010/08/19 13:37:40 | 006,553,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2012/01/19 21:31:19 | 004,388,721 | R--- | M] (Swearware) -- C:\Documents and Settings\Jazz\Desktop\Allie_S.exe
    [2012/01/20 00:09:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jazz\Desktop\OTL.exe
    [2012/01/19 22:07:19 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Jazz\Desktop\rkill.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2003/09/22 12:36:46 | 000,013,448 | ---- | M] () -- C:\WINDOWS\M2000Twn.src
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/09/26 20:38:06 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Jazz\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/12 06:39:00 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Jazz\Cookies\desktop.ini
    [2012/01/20 00:10:16 | 000,557,056 | ---- | M] () -- C:\Documents and Settings\Jazz\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
    [1 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]

    < %SYSTEMROOT%\Installer\*.exe >
    [2005/12/04 18:14:58 | 000,552,960 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 03:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 21:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 03:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 21:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 21:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 21:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 3552 bytes -> C:\WINDOWS\alienware_logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 3552 bytes -> C:\WINDOWS\alienware logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc

    < End of report >
     
  7. Allieraptor Newcomer, in training Posts: 51

    Extras txt

    OTL Extras logfile created on: 1/20/2012 12:10:49 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jazz\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 72.04% Memory free
    4.84 Gb Paging File | 4.21 Gb Available in Paging File | 87.06% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 26.98 Gb Free Space | 24.14% Space Free | Partition Type: NTFS

    Computer Name: AREA51 | User Name: Jazz | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
    .exe [@ = mdaw] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qkm.exe" -a "%1" %*

    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
    .exe [@ = mdaw] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qkm.exe" -a "%1" %*

    [HKEY_USERS\S-1-5-21-1783131627-3882024231-2920578519-1004\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
    "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Aspyr\1701 A.D\1701.exe" = C:\Program Files\Aspyr\1701 A.D\1701.exe:*:Enabled:1701 A.D. -- (Related Designs Software GmbH)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
    "C:\Program Files\Giraffic\Veoh_Giraffic.exe" = C:\Program Files\Giraffic\Veoh_Giraffic.exe:*:Enabled:Veoh Giraffic (Agent) -- (Giraffic)
    "C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe" = C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe:*:Enabled:Veoh Giraffic (Watchdog) -- (Giraffic)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{18039280-98B7-4C5E-AAC0-10EBC9731033}" = Nero 7 Essentials
    "{183B7569-90FB-4C56-9761-0EEB002CAB83}" = Adobe Camera Raw 4.0
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{29988DC6-9C4A-49B2-AC86-5C380B29ADB9}_is1" = Loaris Trojan Remover 1.2
    "{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
    "{3B0293FF-A9C4-4A41-A0D5-1302429EF0DE}" = Xara Xtreme Pro
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}" = Adobe Version Cue CS3 Client
    "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam
    "{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}" = Adobe ExtendScript Toolkit 2
    "{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}" = Adobe Bridge CS3
    "{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
    "{6C3CA595-C639-427A-AD69-0CFD56041762}" = Function Key Controller
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{733D84D6-AAFD-4368-A1D0-F2734F6B9082}" = Adobe Help Viewer CS3
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{796CE7A8-37DD-54B3-75CF-E188739B918F}" = TweetDeck
    "{7F3A2319-79CF-4701-95FB-034E99281808}" = Adobe Bridge Start Meeting
    "{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}" = Adobe Asset Services CS3
    "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = 1701 A.D.
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
    "{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
    "{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
    "{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
    "{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
    "{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}" = Adobe Update Manager CS3
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "Artisteer 2" = Artisteer 2
    "avast" = avast! Free Antivirus
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "EADM" = EA Download Manager
    "Eye Candy 4000" = Alien Skin Eye Candy 4000
    "FileZilla Client" = FileZilla Client 3.4.0
    "FLV Player" = FLV Player 2.0 (build 25)
    "FLVPlayer" = FLV Player 1.3.3
    "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1
    "Free FLV Converter_is1" = Free FLV Converter V 6.3.0
    "Free Studio_is1" = Free Studio version 4.1
    "Giraffic" = Veoh Giraffic Video Accelerator
    "HijackThis" = HijackThis 2.0.2
    "ie8" = Windows Internet Explorer 8
    "LimeWire" = LimeWire 5.5.6
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "ProInst" = Intel(R) PROSet/Wireless Software
    "RealPlayer 12.0" = RealPlayer
    "Secunia PSI" = Secunia PSI
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Tropico3" = Tropico 3 1.02
    "TuneUp Utilities" = TuneUp Utilities
    "Uninstall_is1" = Uninstall 1.0.0.1
    "Veoh Web Player Beta" = Veoh Web Player
    "VLC media player" = VLC media player 1.1.11
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "WMV9_VCM" = Microsoft Windows Media Video 9 VCM
    "Xara Xtreme Pro 4 e-version UK" = Xara Xtreme Pro 4 e-version
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1783131627-3882024231-2920578519-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/19/2012 4:02:33 AM | Computer Name = AREA51 | Source = Application Error | ID = 1000
    Description = Faulting application sdupdate.exe, version 1.6.0.12, faulting module
    kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

    Error - 1/19/2012 4:59:46 AM | Computer Name = AREA51 | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x4ec674b2.

    Error - 1/19/2012 1:42:43 PM | Computer Name = AREA51 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 1/19/2012 1:42:43 PM | Computer Name = AREA51 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 1/19/2012 1:42:43 PM | Computer Name = AREA51 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 1/19/2012 1:42:43 PM | Computer Name = AREA51 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 1/19/2012 11:01:31 PM | Computer Name = AREA51 | Source = Application Hang | ID = 1002
    Description = Hanging application psi.exe, version 1.5.0.2, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 1/19/2012 11:01:31 PM | Computer Name = AREA51 | Source = Application Hang | ID = 1002
    Description = Hanging application psi.exe, version 1.5.0.2, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 1/20/2012 12:23:08 AM | Computer Name = AREA51 | Source = Application Error | ID = 1000
    Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
    teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

    Error - 1/20/2012 12:23:10 AM | Computer Name = AREA51 | Source = Application Error | ID = 1000
    Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
    teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

    [ System Events ]
    Error - 1/20/2012 12:26:59 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7001
    Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
    service which failed to start because of the following error: %%31

    Error - 1/20/2012 12:26:59 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7001
    Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
    service which failed to start because of the following error: %%31

    Error - 1/20/2012 12:26:59 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 1/20/2012 12:26:59 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss
    Tcpip

    Error - 1/20/2012 12:28:26 AM | Computer Name = AREA51 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 1/20/2012 12:31:26 AM | Computer Name = AREA51 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 1/20/2012 12:41:56 AM | Computer Name = AREA51 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 1/20/2012 12:45:36 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7000
    Description = The TuneUp Theme Extension service failed to start due to the following
    error: %%1083

    Error - 1/20/2012 12:47:07 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7034
    Description = The Updater Service for StartNow Toolbar service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 1/20/2012 1:43:02 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7000
    Description = The TuneUp Theme Extension service failed to start due to the following
    error: %%1083


    < End of report >
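    The two `.exe [@ = mdaw]` lines in the File Associations section of the Extras log above are the heart of this infection: in the `.DEFAULT` hive and under `S-1-5-18` (the Local System SID) every executable is routed through `qkm.exe -a "%1" %*` before it runs, instead of through the stock `exefile` handler whose command is the plain `"%1" %*` shown under Shell Spawning. The two alternate data streams on the Alienware logo JPEGs are the other persistence artefact the log surfaces. The script below is an added example written for this page; it is not part of OTL and was not posted in the thread. It parses an OTL-style log and flags any `.exe` association whose ProgID or command differs from the default handler, plus every reported ADS. The embedded sample is an excerpt of the log posted above; the expected `exefile` / `"%1" %*` pair is taken from the Shell Spawning section of that same log and is assumed to be the correct baseline for this XP machine.

```python
"""Flag hijacked .exe associations and alternate data streams in an OTL log.

Added example for this thread; not part of OTL or of any post above.
SAMPLE_LOG is an excerpt of the OTL logs posted in the thread.
"""
import re

# Default Windows XP handler for .exe, as shown under "Shell Spawning" in the
# same log: ProgID exefile, command "%1" %*.  Anything else is a hijack.
EXPECTED_EXE = ("exefile", '"%1" %*')

# [HKEY_...\SOFTWARE\Classes\<extension>] section headers
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# .ext [@ = ProgID] -- command
ASSOC_RE = re.compile(r'^(\.\w+)\s+\[@ = (\S*)\]\s+--\s+(.*)$')
# @Alternate Data Stream - N bytes -> path:streamname
ADS_RE = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$')

SAMPLE_LOG = r"""
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = mdaw] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qkm.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = mdaw] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qkm.exe" -a "%1" %*

[HKEY_USERS\S-1-5-21-1783131627-3882024231-2920578519-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "%1" %*

========== Alternate Data Streams ==========

@Alternate Data Stream - 3552 bytes -> C:\WINDOWS\alienware_logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3552 bytes -> C:\WINDOWS\alienware logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc
"""


def find_hijacked_exe_associations(log_text):
    """Return (registry_key, progid, command) for every .exe association that
    does not hand the file straight to exefile with the "%1" %* command."""
    hits = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        assoc = ASSOC_RE.match(line)
        if not assoc or assoc.group(1).lower() != ".exe":
            continue
        progid, command = assoc.group(2), assoc.group(3)
        if (progid, command) != EXPECTED_EXE:
            hits.append((current_key, progid, command))
    return hits


def launcher_path(command):
    """The binary that now sits in front of every .exe launch: the first
    quoted token of the handler command, or its first word if unquoted."""
    quoted = re.match(r'^"([^"]+)"', command)
    return quoted.group(1) if quoted else command.split()[0]


def find_alternate_data_streams(log_text):
    """Return (host_path, stream_name, size_bytes) for each ADS line."""
    hits = []
    for raw in log_text.splitlines():
        ads = ADS_RE.match(raw.strip())
        if ads:
            hits.append((ads.group(2), ads.group(3), int(ads.group(1))))
    return hits


def report(log_text):
    """Human-readable findings, one line per hijacked handler or ADS."""
    lines = []
    for key, progid, command in find_hijacked_exe_associations(log_text):
        lines.append("HIJACKED .exe handler under %s: ProgID %s -> %s"
                     % (key, progid, launcher_path(command)))
    for path, stream, size in find_alternate_data_streams(log_text):
        lines.append("ADS %d bytes on %s, stream %s" % (size, path, stream))
    return lines


if __name__ == "__main__":
    for finding in report(SAMPLE_LOG):
        print(finding)
```

    Run it against a full OTL.txt or Extras.txt by reading the file into `report()`; on the sample it reports the two `mdaw` handlers pointing at `qkm.exe` and the two 3552-byte streams, which are exactly the O37 and ADS lines in the fix script later in this thread. The `.exe` check is keyed on ProgID and command rather than on the `qkm.exe` name so that a renamed launcher is still caught.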
  8. Allieraptor Newcomer, in training Posts: 51

    Update

    I'm so sorry but I'm going to have to grab a few hours of sleep. I'll check back in first thing in the morning. Thank you so very much for all your help today!

    Be back soon!
  9. Allieraptor Newcomer, in training Posts: 51

    Ready for Round Two!

    Good Morning! I'm back and ready for round two. *grin*
  10. Broni Malware Annihilator Posts: 39,206   +175

    Most likely it needs reinstalling. The infection might have corrupted some file(s).

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O37 - HKU\.DEFAULT\...exe [@ = mdaw] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qkm.exe" -a "%1" %*
      O37 - HKU\S-1-5-18\...exe [@ = mdaw] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qkm.exe" -a "%1" %*
      [2012/01/18 19:21:02 | 000,009,273 | ---- | M] () -- C:\Documents and Settings\Jazz\Local Settings\Application Data\c07eade0
      [2012/01/18 08:45:10 | 000,009,277 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\94923091
      [2012/01/18 08:45:10 | 000,009,253 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4ad316c9
      @Alternate Data Stream - 3552 bytes -> C:\WINDOWS\alienware_logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 3552 bytes -> C:\WINDOWS\alienware logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  11. Allieraptor Newcomer, in training Posts: 51

    OTL

    I am currently running the OTL fixes as instructed. However, it seems to be stuck. It says it's killing processes and not to interrupt, but it's been almost an hour now with no progression. Should I stop the scan or let it be?
  12. Broni Malware Annihilator Posts: 39,206   +175

    Restart manually and run the fix from safe mode.
  13. Allieraptor Newcomer, in training Posts: 51

    OTL Fix log

    Here is the OTL Fix log. I will move on to the next step in the process. :)

    _______

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\Software\Classes\mdaw\ deleted successfully.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
    Registry key HKEY_USERS\S-1-5-18\Software\Classes\mdaw\ not found.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    C:\Documents and Settings\Jazz\Local Settings\Application Data\c07eade0 moved successfully.
    C:\Documents and Settings\NetworkService\Application Data\94923091 moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\4ad316c9 moved successfully.
    ADS C:\WINDOWS\alienware_logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\WINDOWS\alienware logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56466 bytes

    User: Jazz
    ->Temp folder emptied: 626700 bytes
    ->Temporary Internet Files folder emptied: 1131857 bytes
    ->Java cache emptied: 573811390 bytes
    ->FireFox cache emptied: 84963743 bytes
    ->Google Chrome cache emptied: 856432 bytes
    ->Apple Safari cache emptied: 3265536 bytes
    ->Flash cache emptied: 842821399 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 6242438 bytes
    ->Flash cache emptied: 343 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 10376 bytes
    ->Flash cache emptied: 3206 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 4654439 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 499913 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,449.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: Jazz
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jazz
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01202012_150357

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
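The OTL fix log above shows the signature of this rogue: the `.exe` file association under the per-user Classes hive had been redirected to a bogus `mdaw` class, so every executable the user launched was routed through the malware, and OTL reset `HKLM\Software\Classes\.exe` back to `exefile`. The following PowerShell check is an added example for verifying that repair and spotting the same hijack on another machine; it is not part of the thread or of OTL, and the function name `Test-ExeAssociation` and the expected stock values (`exefile`, `"%1" %*`) are assumptions based on a default Windows install.

```powershell
# Added example (not from the thread): report whether the .exe file association
# has been redirected the way the OTL log above shows it was.
# Run in an elevated PowerShell prompt on the Windows host being checked.

function Test-ExeAssociation {
    $findings = @()

    # Per-user Classes keys take precedence over HKLM. A stock install has no
    # per-user .exe key at all, and that is exactly where the 'mdaw' hijack lived.
    $userKeys = @(
        'HKCU:\Software\Classes\.exe',
        'Registry::HKEY_USERS\.DEFAULT\Software\Classes\.exe'
    )
    foreach ($key in $userKeys) {
        if (Test-Path -Path $key) {
            $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
            $findings += "Per-user .exe override present at $key (default = '$val'); review it"
        }
    }

    # The machine-wide association should point at the stock 'exefile' class.
    $machine = (Get-ItemProperty -Path 'HKLM:\Software\Classes\.exe' -ErrorAction SilentlyContinue).'(default)'
    if ($machine -ne 'exefile') {
        $findings += "HKLM .exe association is '$machine', expected 'exefile'"
    }

    # The open command for exefile should be "%1" %* with no extra program in front.
    $cmdKey = 'HKLM:\Software\Classes\exefile\shell\open\command'
    $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
    if ($cmd -ne '"%1" %*') {
        $findings += "exefile open command is '$cmd', expected '""%1"" %*'"
    }

    if ($findings.Count -eq 0) {
        'OK: .exe association is intact'
    } else {
        $findings
    }
}

Test-ExeAssociation
```

The function only reads the registry; it never modifies anything, so it is safe to run before and after a cleanup to confirm the association was actually restored. A per-user `.exe` key is reported rather than judged automatically because some legitimate software creates one, but on a machine showing the symptoms in this thread it deserves a close look.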
  14. Allieraptor Newcomer, in training Posts: 51

    Security Check log

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    Secunia PSI
    Loaris Trojan Remover 1.2
    HijackThis 2.0.2
    TuneUp Utilities
    TuneUp Utilities Language Pack (en-US)
    Java(TM) 6 Update 30
    Out of date Java installed!
    Adobe Flash Player 11.0.1.152
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Alwil Software Avast5 AvastSvc.exe
    ``````````End of Log````````````
  15. Allieraptor Newcomer, in training Posts: 51

    FSS Log

    Farbar Service Scanner Version: 18-01-2012 01
    Ran by Jazz (administrator) on 20-01-2012 at 15:40:26
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    AegisP(9) aswTdi(11) Gpc(3) IPSec(5) NetBT(6) PSched(7) s24trans(8) Tcpip(4)
    0x0B00000005000000010000000200000003000000040000000B000000060000000700000008000000090000000A000000
    IpSec Tag value is correct.

    **** End of log ****
  16. Allieraptor Newcomer, in training Posts: 51

    TFC

    The Temp File Cleaner seems to be locked up. It has not progressed past the "stopping running processes" function in approx. 30 minutes. Should I manually restart in safe mode and try again or no? Sorry to be so hesitant, but I don't wanna mess anything up. :)
  17. Broni Malware Annihilator Posts: 39,206   +175

    It's always good to ask.
    Restart manually to safe mode and run it from there.
  18. Allieraptor Newcomer, in training Posts: 51

    TFC Log

    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jazz
    ->Temp folder emptied: 16263479 bytes
    ->Temporary Internet Files folder emptied: 55717 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 23777486 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 991 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16384 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 0 bytes
    Process complete!

    Total Files Cleaned = 38.00 mb
  19. Allieraptor Newcomer, in training Posts: 51

    ESET Scan

    I have the ESET scan running at the moment. However, I am concerned that my Avast appears to be running from startup. It would not allow me to shut it down from my Taskbar. In addition, when I tried to uninstall it, it would not allow it either. Any suggestions on my course of action with it would be appreciated. My guess is that when I renamed the execute file to get it to run in the beginning of all this, it altered the function of the above mentioned tasks.
  20. Broni Malware Annihilator Posts: 39,206   +175

    Just leave it alone.