TechSpot

Virus - Can't install Malwarebytes - Access is denied

Solved
By houston10s
Apr 9, 2011
  1. The PC has contracted a virus. Do not see any name associated with the virus. I've tried to install malwarebytes in both normal and safe mode but receive the error, Access is denied. I have disabled essential startup services and programs via msconfig. I've run GMER. A save option does not appear either before or after clicking on the GMER Scan button. I have run TFC. I have pasted both dds logs below. Thank you in advance for your help. Please advise.

    .
    DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
    Run by gary at 7:31:43.59 on Sat 04/09/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1762 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    G:\dds\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
    mPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
    DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
    DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mymail.drakausa.com/iNotes6W.cab
    DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/59.15/uploader2.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194977416857
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195505436639
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://am.sa.draka.com/dana-cached/setup/JuniperSetupSP1.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: cryptnet32 - cryptnet32.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    S1 CorexCardScan;CardScan USB Scanner;c:\windows\system32\drivers\slcorex.sys [2003-5-22 8448]
    S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
    S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    S2 PPNT;PPNT;c:\windows\system32\drivers\ppnt.sys [2003-12-1 13824]
    S3 EL3C574;FE574B-3Com 10/100 LAN PCCard Device Driver;c:\windows\system32\drivers\el574nd4.sys [2007-2-16 24653]
    S3 OnePointDomainAdminService;Active Directory Migration Agent;c:\windows\onepointdomainagent\DCTAgentService.exe [2008-7-18 39424]
    S4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
    S4 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2010-12-9 245760]
    S4 TIRmtCtl;Track-It! Remote Control;c:\windows\tiremote\wuser32.exe [2007-11-14 311374]
    S4 TIRmtSvc;Track-It! Workstation Manager;c:\windows\tiremote\TIRemoteService.exe [2007-11-14 610816]
    .
    =============== Created Last 30 ================
    .
    2011-04-09 03:20:38 -------- d-----w- c:\docume~1\gary\applic~1\Malwarebytes
    2011-04-09 03:17:09 -------- d-sh--w- c:\documents and settings\gary\PrivacIE
    2011-04-09 03:17:04 -------- d-sh--w- c:\documents and settings\gary\IETldCache
    2011-04-09 02:38:52 471040 ---ha-w- c:\docume~1\alluse~1\applic~1\20373300.exe
    2011-04-09 02:29:42 544768 ---ha-w- c:\docume~1\alluse~1\applic~1\BkTMsDGeKfjuDY.exe
    2011-04-08 13:18:21 6792528 ---ha-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{efd8fa40-eff0-4f81-a49f-c8b29eeab94e}\mpengine.dll
    2011-04-06 05:18:57 -------- d--h--w- c:\docume~1\alluse~1\applic~1\espionServerData
    2011-04-06 04:34:12 -------- d--h--w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
    2011-03-25 23:48:06 4284416 ---ha-w- c:\windows\system32\GPhotos.scr
    .
    ==================== Find3M ====================
    .
    2011-02-25 23:23:17 296056 ---ha-w- c:\windows\system32\shimg.dll
    2011-02-09 13:53:52 270848 ---ha-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ---ha-w- c:\windows\system32\encdec.dll
    2011-02-03 03:40:23 472808 ---ha-w- c:\windows\system32\deployJava1.dll
    2011-02-03 01:19:39 73728 ---ha-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:58:35 2067456 ---ha-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ---ha-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ---ha-w- c:\windows\system32\shimgvw.dll
    .
    ============= FINISH: 7:32:49.60 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/13/2007 6:00:51 PM
    System Uptime: 4/9/2011 7:28:27 AM (0 hours ago)
    .
    Motherboard: LENOVO | | 195143U
    Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | None | 1828/167mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 24 GiB total, 6.035 GiB free.
    D: is FIXED (NTFS) - 31 GiB total, 9.156 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/Wireless 3945ABG Network Connection
    Device ID: PCI\VEN_8086&DEV_4227&SUBSYS_10108086&REV_02\4&20975680&0&00E1
    Manufacturer: Intel Corporation
    Name: Intel(R) PRO/Wireless 3945ABG Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_4227&SUBSYS_10108086&REV_02\4&20975680&0&00E1
    Service: NETw3x32
    .
    ==== System Restore Points ===================
    .
    RP133: 3/15/2011 9:57:38 AM - System Checkpoint
    RP134: 3/16/2011 9:44:38 AM - Software Distribution Service 3.0
    RP135: 3/17/2011 11:08:53 AM - System Checkpoint
    RP136: 3/18/2011 8:39:10 AM - Software Distribution Service 3.0
    RP137: 3/19/2011 11:16:13 AM - Software Distribution Service 3.0
    RP138: 3/20/2011 12:35:02 PM - System Checkpoint
    RP139: 3/21/2011 2:04:09 PM - Software Distribution Service 3.0
    RP140: 3/22/2011 1:58:24 PM - Software Distribution Service 3.0
    RP141: 3/23/2011 4:08:52 PM - System Checkpoint
    RP142: 3/24/2011 12:48:56 AM - Software Distribution Service 3.0
    RP143: 3/24/2011 9:27:13 AM - Software Distribution Service 3.0
    RP144: 3/25/2011 3:43:40 PM - Software Distribution Service 3.0
    RP145: 3/28/2011 12:16:10 AM - Software Distribution Service 3.0
    RP146: 3/29/2011 1:06:00 AM - System Checkpoint
    RP147: 3/29/2011 10:10:46 AM - Software Distribution Service 3.0
    RP148: 3/30/2011 11:10:24 AM - System Checkpoint
    RP149: 3/31/2011 10:53:59 AM - Software Distribution Service 3.0
    RP150: 4/1/2011 12:49:42 PM - System Checkpoint
    RP151: 4/2/2011 8:52:16 AM - Software Distribution Service 3.0
    RP152: 4/3/2011 2:02:36 AM - Software Distribution Service 3.0
    RP153: 4/3/2011 8:51:54 AM - Software Distribution Service 3.0
    RP154: 4/4/2011 8:51:47 AM - Software Distribution Service 3.0
    RP155: 4/5/2011 10:56:46 AM - Software Distribution Service 3.0
    RP156: 4/5/2011 11:21:37 PM - Installed Adobe Photoshop Elements 9.
    RP157: 4/7/2011 8:13:16 AM - Software Distribution Service 3.0
    RP158: 4/8/2011 8:18:16 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop Elements 9
    Adobe Photoshop.com Inspiration Browser
    Adobe Reader 8.1.3
    Adobe® Photoshop® Album Starter Edition 3.2
    AiO_Scan_CDA
    AiOSoftwareNPI
    ArcSoft Panorama Maker 3
    AVS DVDMenu Editor 1.2.1.19
    AVS Video Converter 5.6
    AVS4YOU Software Navigator 1.2
    Brother MFL-Pro Suite MFC-J410W
    BufferChm
    C3100
    c3100_Help
    CardScan 6.0.6
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    Destinations
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    eCopy Desktop
    Elements 9 Organizer
    Elements STI Installer
    ESET Online Scanner v3
    eSupportQFolder
    Fax_CDA
    FAXCOM for Domino - Client
    Glary Utilities 2.20.0.831
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Imaging Device Functions 7.0
    HP Photosmart Essential
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Software Update
    HP Solution Center 7.0
    HPPhotoSmartExpress
    HPProductAssistant
    InstantShareDevicesMFC
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    Java Auto Updater
    Java(TM) 6 Update 24
    Juniper Networks Network Connect 5.5.0
    Lotus Notes 6.5.1
    Malwarebytes' Anti-Malware
    mCore
    mDriver
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Excel Viewer 2003
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Office Word Viewer 2003
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_CRT_x86
    mMHouse
    mPfMgr
    mProSafe
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    mWlsSafe
    mXML
    NewCopy_CDA
    OCR Software by I.R.I.S 7.0
    OGA Notifier 2.0.0048.0
    OpenOffice.org Installer 1.0
    PanoStandAlone
    PaperPort Image Printer
    Pdf995 (installed by TaxCut)
    PdfEdit995 (installed by TaxCut)
    Photo Story 3 for Windows
    Picaboo X
    Picasa 3
    PictureProject
    PictureProject In Touch Downloader 1.0
    ProductContextNPI
    QuickTime
    ReadIRIS
    Readme
    Scan
    ScannerCopy
    ScanSoft PaperPort 11
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skype™ 3.8
    SolutionCenter
    Sonic Express Labeler
    Sonic RecordNow!
    Sonic Update Manager
    Status
    Symantec Enterprise Vault Outlook Add-In
    ThinkPad Modem
    ThinkPad Power Management Driver
    ThinkPad Power Manager
    ThinkPad UltraNav Driver
    Toolbox
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    WebReg
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Live installer
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/8/2011 10:13:21 PM, error: Microsoft Antimalware [1014] - Microsoft Antimalware has encountered an error trying to remove history of malware and other potentially unwanted software. Time: 3/9/2011 10:13:21 PM User: NT AUTHORITY\SYSTEM Error Code: 0x80070005 Error description: Access is denied.
    4/8/2011 10:12:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    4/8/2011 10:04:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter TPPWRIF
    4/8/2011 10:04:43 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
    4/8/2011 10:03:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/8/2011 10:03:18 PM, error: SRService [104] - The System Restore initialization process failed.
    4/6/2011 7:41:07 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
    4/5/2011 10:46:19 AM, error: Service Control Manager [7000] - The MSCamSvc service failed to start due to the following error: The system cannot find the file specified.
    .
    ==== End Of File ===========================
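The DDS output above carries several entries a malware-removal helper would look at first: a non-default Winlogon Notify DLL, a machine policy that disables Task Manager, hidden executables created in the All Users Application Data folder, and Event Viewer errors reporting "Access is denied". As an added example (not from the post, the DDS tool, or the forum), a small Python triage script that runs those checks over constructed lines copied from the log; the Notify allowlist, the policy list and the "hidden executable under Application Data" rule are assumptions chosen for illustration, and a hit means "review this", not "this is malware".

```python
import re
from typing import Dict, List

# Constructed sample: lines copied from the DDS log above, plus one benign
# Notify line and one system32 file so the rules have non-hits as well.
SAMPLE_DDS = r"""
Notify: cryptnet32 - cryptnet32.dll
Notify: igfxcui - igfxdev.dll
mPolicies-system: DisableTaskMgr = 1 (0x1)
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
2011-04-09 02:38:52 471040 ---ha-w- c:\docume~1\alluse~1\applic~1\20373300.exe
2011-04-09 02:29:42 544768 ---ha-w- c:\docume~1\alluse~1\applic~1\BkTMsDGeKfjuDY.exe
2011-04-09 03:20:38 -------- d-----w- c:\docume~1\gary\applic~1\Malwarebytes
2011-02-09 13:53:52 270848 ---ha-w- c:\windows\system32\sbe.dll
4/8/2011 10:13:21 PM, error: Microsoft Antimalware [1014] - Microsoft Antimalware has encountered an error trying to remove history of malware. Error Code: 0x80070005 Error description: Access is denied.
4/8/2011 10:04:43 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
"""

# "Created Last 30" / "Find3M" lines: timestamp, size (or "--------" for a
# directory), an 8-character attribute field such as "---ha-w-", then the path.
FILE_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<size>\S+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
# Winlogon Notify packages: "Notify: <key> - <dll>"
NOTIFY_LINE = re.compile(r"^Notify:\s+(?P<key>\S+)\s+-\s+(?P<dll>\S+)$")
# Machine policies: "mPolicies-system: DisableTaskMgr = 1 (0x1)"
POLICY_LINE = re.compile(r"^mPolicies-(?P<hive>\w+):\s+(?P<name>\w+)\s*=\s*(?P<value>\d+)")
# Event Viewer lines: "<date> <time>, <level>: <source> [<id>] - <message>"
EVENT_LINE = re.compile(
    r"^\d{1,2}/\d{1,2}/\d{4} .*?, (?P<level>\w+): (?P<source>[^\[]+) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)

# Assumption: vendor Notify DLLs treated as known-good on this machine (Intel
# graphics). DDS already omits the Windows defaults, so anything else is reviewed.
KNOWN_NOTIFY_DLLS = {"igfxdev.dll", "igfxcui.dll"}
# Assumption: policies that take away the user's own repair tools.
LOCKDOWN_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "DisableCMD"}
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".dll", ".com")


def triage(dds_text: str) -> List[Dict[str, str]]:
    """Scan DDS log lines and return findings as {rule, detail} dicts, in log order."""
    findings: List[Dict[str, str]] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = NOTIFY_LINE.match(line)
        if m:
            if m.group("dll").lower() not in KNOWN_NOTIFY_DLLS:
                findings.append({"rule": "notify_dll", "detail": m.group("dll")})
            continue

        m = POLICY_LINE.match(line)
        if m:
            if m.group("name") in LOCKDOWN_POLICIES and m.group("value") != "0":
                findings.append({"rule": "lockdown_policy", "detail": m.group("name")})
            continue

        m = FILE_LINE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            lowered = path.lower()
            is_dir = attrs.startswith("d")
            hidden = "h" in attrs
            in_appdata = "\\applic~1\\" in lowered or "\\application data\\" in lowered
            if not is_dir and hidden and in_appdata and lowered.endswith(EXECUTABLE_SUFFIXES):
                findings.append({"rule": "hidden_exe_in_appdata", "detail": path})
            continue

        m = EVENT_LINE.match(line)
        if m:
            msg = m.group("msg")
            if "access is denied" in msg.lower() or "0x80070005" in msg:
                findings.append({"rule": "access_denied_event", "detail": m.group("source").strip()})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(f"{finding['rule']:24} {finding['detail']}")
```

The access-denied events are reported because they match the poster's symptom (the Malwarebytes installer failing with the same error), which is the kind of correlation a helper looks for before choosing tools.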
     
  2. houston10s

    houston10s TS Rookie Topic Starter Posts: 28

    Addendum - gmer log

    In safe mode could not see GMER's save option. I could see it in normal mode. Ran GMER again and am posting the log below. Also had run tdsskiller previously and it did not find any threats. Thanks...

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-04-09 15:43:40
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HTS54106 rev.MB3I
    Running: iuuj397j.exe; Driver: C:\DOCUME~1\gary\LOCALS~1\Temp\pgliqpow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----
     
  3. Broni

    Broni Malware Annihilator Posts: 47,980   +271

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================================================

    Any particular reason why you ran DDS from safe mode?

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  4. houston10s

    houston10s TS Rookie Topic Starter Posts: 28

    Hi Broni,

    Running in safe mode seemed like a good idea at the time. Running from this point in normal mode. While waiting I installed and ran SuperAntiSpyware. It found and cleaned 2 trojan gen-fake viruses. I ran combo box as per your instructions. Though it did give an exception processing error it did create a log which I have pasted below. I have also pasted below the mbrcheck log as per your instructions:

    ComboFix 11-04-09.01 - gary 04/09/2011 19:07:15.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1627 [GMT -5:00]
    Running from: c:\documents and settings\gary\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\menezesa\Application Data\Schedule Plus Interchange (.sc2) .ADR
    c:\documents and settings\menezesa\Application Data\Schedule Plus Interchange (.sc2) .CAL
    c:\documents and settings\menezesa\Application Data\Schedule Plus Interchange (.sc2) .TSK
    c:\documents and settings\sak\Start Menu\Programs\Windows Restore
    c:\windows\system32\shimg.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_USNJSVC
    -------\Service_usnjsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-10 to 2011-04-10 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-09 23:02 . 2011-04-09 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-04-09 23:02 . 2011-04-09 23:02 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-04-09 19:37 . 2011-04-09 19:38 -------- d-----w- C:\oldvirus
    2011-04-09 03:16 . 2011-04-09 03:17 -------- d-----w- c:\documents and settings\gary
    2011-04-08 13:18 . 2011-03-15 04:05 6792528 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFD8FA40-EFF0-4F81-A49F-C8B29EEAB94E}\mpengine.dll
    2011-04-06 05:18 . 2011-04-06 05:18 -------- d--h--w- c:\documents and settings\All Users\Application Data\espionServerData
    2011-04-06 04:34 . 2011-04-06 05:26 -------- d--h--w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
    2011-03-25 23:48 . 2011-03-25 23:48 4284416 ---ha-w- c:\windows\system32\GPhotos.scr
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-15 04:05 . 2011-03-09 02:00 6792528 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-02-09 13:53 . 2004-08-04 12:00 270848 ---ha-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-04 12:00 186880 ---ha-w- c:\windows\system32\encdec.dll
    2011-02-03 03:40 . 2010-05-14 16:38 472808 ---ha-w- c:\windows\system32\deployJava1.dll
    2011-02-03 01:19 . 2008-06-21 18:45 73728 ---ha-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:58 . 2007-02-13 23:53 2067456 ---ha-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2007-02-13 23:53 677888 ---ha-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-04 12:00 439296 ---ha-w- c:\windows\system32\shimgvw.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
    .
    c:\documents and settings\menezesa\Start Menu\Programs\Startup\
    Screen Saver Control.lnk - c:\windows\FSScrCtl.exe [2001-8-8 241664]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1085031214-343818398-725345543-7889\Scripts\Logon\0\0]
    "Script"=\\houdc01\netlogon\hou.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2636023787-564363548-2042505478-1535\Scripts\Logon\0\0]
    "Script"=\\corp.draka.com\netlogon\usnd1\nd1.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2636023787-564363548-2042505478-26816\Scripts\Logon\0\0]
    "Script"=\\corp.draka.com\netlogon\USHO1\HO1.vbs
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
    backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 07:04 39792 ---ha-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-07-29 06:25 497648 ---ha-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
    2006-12-20 06:14 208896 ---ha-w- c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
    2010-02-09 22:43 2621440 ---h--r- c:\program files\Browny02\Brother\BrStMonW.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
    2008-12-24 16:26 114688 ---h--w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ---ha-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-07-24 04:00 136176 ---hatw- c:\documents and settings\sak\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2006-09-15 14:50 77824 ---ha-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2006-09-15 14:54 118784 ---ha-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2006-09-15 14:53 94208 ---ha-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    2008-07-10 05:05 46368 ---ha-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-07-27 21:50 221184 ---ha-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~2\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-02-16 22:15 81920 ---ha-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
    2010-11-30 19:20 997408 ---ha-w- c:\program files\Microsoft Security Client\msseces.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2007-10-18 17:34 5724184 ---ha-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
    2009-01-08 13:44 70936 ---ha-w- c:\documents and settings\sak\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    2008-07-10 05:07 29984 ---ha-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
    2006-12-20 06:14 159744 ---ha-w- c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-01-10 21:27 385024 ---ha-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2005-05-20 14:11 925696 ---ha-w- c:\program files\Analog Devices\Core\smax4pnp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2006-10-25 15:03 210472 ---ha-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-10-29 20:49 249064 ---ha-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2007-08-11 07:30 512000 ---ha-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    2007-08-11 07:30 110592 ---ha-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
    2006-10-13 22:04 707376 ---ha-w- c:\windows\vVX3000.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WLSetupSvc"=3 (0x3)
    "wlidsvc"=2 (0x2)
    "usnjsvc"=3 (0x3)
    "TIRmtSvc"=2 (0x2)
    "TIRmtCtl"=2 (0x2)
    "S24EventMonitor"=2 (0x2)
    "RegSrvc"=2 (0x2)
    "ose"=3 (0x3)
    "Multi-user Cleanup Service"=2 (0x2)
    "MsMpSvc"=2 (0x2)
    "MSCamSvc"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "idsvc"=3 (0x3)
    "IBMPMSVC"=2 (0x2)
    "gusvc"=3 (0x3)
    "EvtEng"=2 (0x2)
    "DWMRCS"=2 (0x2)
    "dsNcService"=2 (0x2)
    "BrYNSvc"=3 (0x3)
    "AdobeActiveFileMonitor9.0"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Documents and Settings\\sak\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
    R2 PPNT;PPNT;c:\windows\system32\drivers\ppnt.sys [12/1/2003 2:44 AM 13824]
    S1 CorexCardScan;CardScan USB Scanner;c:\windows\system32\drivers\slcorex.sys [5/22/2003 12:32 AM 8448]
    S3 EL3C574;FE574B-3Com 10/100 LAN PCCard Device Driver;c:\windows\system32\drivers\el574nd4.sys [2/16/2007 4:28 PM 24653]
    S3 OnePointDomainAdminService;Active Directory Migration Agent;c:\windows\OnePointDomainAgent\DCTAgentService.exe [7/18/2008 2:56 PM 39424]
    S4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/30/2010 3:06 AM 169408]
    S4 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [12/9/2010 10:52 PM 245760]
    S4 TIRmtCtl;Track-It! Remote Control;c:\windows\TIREMOTE\wuser32.exe [11/14/2007 1:53 PM 311374]
    S4 TIRmtSvc;Track-It! Workstation Manager;c:\windows\TIREMOTE\TIRemoteService.exe [11/14/2007 1:53 PM 610816]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-07 c:\windows\Tasks\AdobeAAMUpdater-1.0-COMPUTERROOM-sak.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 06:25]
    .
    2011-04-10 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2010-07-25 00:44]
    .
    2011-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1715567821-725345543-1005Core.job
    - c:\documents and settings\sak\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-24 04:00]
    .
    2011-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1715567821-725345543-1005UA.job
    - c:\documents and settings\sak\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-24 04:00]
    .
    2011-04-09 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]
    .
    2011-04-08 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-02-14 06:14]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-klmdb.sys
    MSConfigStartUp-BkTMsDGeKfjuDY - c:\documents and settings\All Users\Application Data\BkTMsDGeKfjuDY.exe
    AddRemove-HijackThis - f:\toolkit\HijackThis.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-09 19:14
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(772)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(2024)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-04-09 19:18:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-10 00:18
    .
    Pre-Run: 4,096,274,432 bytes free
    Post-Run: 4,074,074,112 bytes free
    .
    - - End Of File - - 805F375AABA306C54A9DD6DE5C7300F6


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 142):

    Processes (total 24):
    0 System Idle Process
    4 System
    700 C:\WINDOWS\system32\smss.exe
    752 csrss.exe
    776 C:\WINDOWS\system32\winlogon.exe
    820 C:\WINDOWS\system32\services.exe
    832 C:\WINDOWS\system32\lsass.exe
    988 C:\WINDOWS\system32\svchost.exe
    1068 svchost.exe
    1212 C:\WINDOWS\system32\svchost.exe
    1356 svchost.exe
    1464 svchost.exe
    1628 C:\WINDOWS\system32\spoolsv.exe
    1824 svchost.exe
    1932 C:\WINDOWS\system32\svchost.exe
    212 C:\WINDOWS\system32\svchost.exe
    1104 C:\WINDOWS\explorer.exe
    1768 alg.exe
    1396 C:\WINDOWS\system32\ctfmon.exe
    1480 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    920 C:\Program Files\Internet Explorer\iexplore.exe
    452 C:\Program Files\Internet Explorer\iexplore.exe
    3524 C:\Program Files\Internet Explorer\iexplore.exe
    2168 C:\Documents and Settings\gary\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000006`1a63be00 (NTFS)

    PhysicalDrive0 Model Number: HTS541060G9SA00, Rev: MB3IC60H

    Size Device Name MBR Status
    --------------------------------------------
    55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
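An added example, not code from ComboFix or from anyone in this thread: a Python triage script that parses the ComboFix log format pasted above (the banner-delimited sections, the `date . date size attrs path` lines of Files Created/Find3M, and the `Kind-name - path` lines under ORPHANS REMOVED) and flags the entries a responder would check first. The sample input is a constructed excerpt of the log above; the flagging rules (executables under Application Data, a vowel-ratio test for generated names, orphaned msconfig startup entries) are this example's own heuristics.

```python
"""ComboFix log triage (added example, not ComboFix's own code).
Splits the log into banner-delimited sections, pulls paths out of 'Other
Deletions', 'Files Created', 'Find3M Report' and 'ORPHANS REMOVED', and
flags entries a responder would look at first (the rules are heuristics).
"""
import re

# Constructed excerpt modelled on the ComboFix log pasted in the thread.
SAMPLE_LOG = """\
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\\documents and settings\\sak\\Start Menu\\Programs\\Windows Restore
c:\\windows\\system32\\shimg.dll
.
((((((((((((((((((((((((( Files Created from 2011-03-10 to 2011-04-10 )))))))))))))))))))))))))))))))
.
2011-04-09 23:02 . 2011-04-09 23:02 -------- d-----w- c:\\program files\\SUPERAntiSpyware
2011-03-25 23:48 . 2011-03-25 23:48 4284416 ---ha-w- c:\\windows\\system32\\GPhotos.scr
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-klmdb.sys
MSConfigStartUp-BkTMsDGeKfjuDY - c:\\documents and settings\\All Users\\Application Data\\BkTMsDGeKfjuDY.exe
AddRemove-HijackThis - f:\\toolkit\\HijackThis.exe
"""

EXEC_EXT = (".exe", ".dll", ".scr", ".sys", ".com", ".pif", ".bat", ".cmd", ".vbs")
DATA_DIR_RE = re.compile(r"\\(application data|local settings|temp)\\")
DRIVE_PATH_RE = re.compile(r"^[a-z]:\\", re.I)
# e.g. "2011-03-25 23:48 . 2011-03-25 23:48 4284416 ---ha-w- c:\windows\system32\GPhotos.scr"
FILE_ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$")
# e.g. "MSConfigStartUp-BkTMsDGeKfjuDY - c:\...\BkTMsDGeKfjuDY.exe" or "SafeBoot-klmdb.sys"
ORPHAN_RE = re.compile(r"^(?P<kind>[A-Za-z]+)-(?P<name>\S+)(?: - (?P<path>.+))?$")


def section_name(line):
    """Return the section title if the stripped line is a ComboFix banner, else None."""
    if line.startswith("((("):
        return line.strip("() ")
    if line.startswith("- - - - ") and line.endswith(" - - - -"):
        return line[8:-8].strip()
    return None


def vowel_ratio(stem):
    """Share of vowels among the letters of a file stem; very low suggests a generated name."""
    letters = [c for c in stem if c.isalpha()]
    return sum(c.lower() in "aeiou" for c in letters) / len(letters) if letters else 1.0


def extract(section, line):
    """Return (path, orphan_kind) for an entry line of the given section, else None."""
    if section.startswith("Other Deletions") and DRIVE_PATH_RE.match(line):
        return line, None
    if section.startswith(("Files Created", "Find3M")):
        m = FILE_ENTRY_RE.match(line)
        return (m.group("path"), None) if m else None
    if section.startswith("ORPHANS"):
        m = ORPHAN_RE.match(line)
        return (m.group("path") or m.group("name"), m.group("kind")) if m else None
    return None


def reasons_for(section, path, kind):
    """Triage heuristics; an empty list means nothing worth a second look."""
    p = path.lower()
    stem = p.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    reasons = []
    if p.endswith(EXEC_EXT) and DATA_DIR_RE.search(p):
        reasons.append("executable under a user-writable data folder")
    if section.startswith("Other Deletions") and "\\windows\\system32\\" in p:
        reasons.append("ComboFix deleted a file from system32")
    if section.startswith("Other Deletions") and "\\start menu\\programs\\" in p:
        reasons.append("ComboFix deleted a Start Menu entry")
    if len(stem) >= 8 and vowel_ratio(stem) < 0.2:
        reasons.append("random-looking file name")
    if kind == "MSConfigStartUp":
        reasons.append("orphaned msconfig startup entry")
    return reasons


def triage(log_text):
    """Walk the log once, tracking the current section; return (section, path, reasons) tuples."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        name = section_name(line)
        if name:
            section = name
            continue
        entry = extract(section, line) if line and line != "." else None
        if entry is None:
            continue
        path, kind = entry
        reasons = reasons_for(section, path, kind)
        if reasons:
            findings.append((section, path, tuple(reasons)))
    return findings
```

On the sample, `triage(SAMPLE_LOG)` returns the rogue's "Windows Restore" Start Menu folder, the dropped shimg.dll in system32, and the random-named startup executable under Application Data; run on the full log above it also lists the Microsoft Antimalware mpengine.dll updates under Application Data, the expected false positive of a path-only rule and the reason the output is a worklist rather than a verdict.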
     
  5. Broni

    Broni Malware Annihilator Posts: 47,980   +271

    Well done :)

    Combofix log looks good now.

    See, if you can update and run MBAM in normal mode now.
     
  6. houston10s

    houston10s TS Rookie Topic Starter Posts: 28

    Broni,

    All looks well. I can update and run MBAM which did not find any issues. All other functions seem to be showing up and working normally.

    Thank you so much for your time and expertise. You are a blessing. You definitely make the world a better place.
     
  7. Broni

    Broni Malware Annihilator Posts: 47,980   +271

    Good news, but.....not so fast :)
    We're not done yet....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. houston10s

    houston10s TS Rookie Topic Starter Posts: 28

    As per your instructions, pasted below is part 1 of otl.txt. Part 2 of otl.txt and extras.txt will be pasted into separate messages and sent immediately following this message:

    OTL logfile created on: 4/9/2011 9:37:43 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\gary\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 24.41 Gb Total Space | 3.64 Gb Free Space | 14.93% Space Free | Partition Type: NTFS
    Drive D: | 31.47 Gb Total Space | 10.65 Gb Free Space | 33.85% Space Free | Partition Type: NTFS
    Drive G: | 488.00 Mb Total Space | 445.64 Mb Free Space | 91.32% Space Free | Partition Type: FAT

    Computer Name: COMPUTERROOM | User Name: gary | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/09 21:33:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gary\Desktop\OTL.exe
    PRC - [2011/03/16 17:24:21 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    PRC - [2010/02/09 17:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
    PRC - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/11 02:30:40 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2007/07/16 17:21:26 | 000,410,976 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    PRC - [2007/02/02 09:11:30 | 000,208,384 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\system32\DWRCS.EXE
    PRC - [2006/11/06 16:44:02 | 000,071,680 | ---- | M] (DameWare Development) -- C:\WINDOWS\system32\DWRCST.EXE
    PRC - [2006/10/13 17:04:06 | 000,707,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
    PRC - [2006/08/18 15:23:12 | 000,610,816 | ---- | M] (Numara Software, Inc.) -- C:\WINDOWS\TIREMOTE\TIRemoteService.exe
    PRC - [2006/08/18 15:08:44 | 000,311,374 | ---- | M] (Intuit Track-It!) -- C:\WINDOWS\TIREMOTE\wuser32.exe
    PRC - [2005/02/16 17:15:20 | 000,581,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    PRC - [2004/01/09 04:56:44 | 000,057,393 | ---- | M] (IBM Corp) -- C:\lotus\notes\ntmulti.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/09 21:33:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gary\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2007/08/11 02:30:34 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (MSCamSvc)
    SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
    SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2007/07/16 17:21:26 | 000,410,976 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
    SRV - [2007/02/02 09:11:30 | 000,208,384 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\WINDOWS\System32\DWRCS.EXE -- (DWMRCS)
    SRV - [2006/08/18 15:23:12 | 000,610,816 | ---- | M] (Numara Software, Inc.) [Auto | Running] -- C:\WINDOWS\TIREMOTE\TIRemoteService.exe -- (TIRmtSvc)
    SRV - [2006/08/18 15:08:44 | 000,311,374 | ---- | M] (Intuit Track-It!) [Auto | Running] -- C:\WINDOWS\TIREMOTE\wuser32.exe -- (TIRmtCtl)
    SRV - [2005/09/20 06:20:14 | 000,039,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\OnePointDomainAgent\DCTAgentService.exe -- (OnePointDomainAdminService)
    SRV - [2004/01/09 04:56:44 | 000,057,393 | ---- | M] (IBM Corp) [Auto | Running] -- C:\lotus\notes\ntmulti.exe -- (Multi-user Cleanup Service)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/09 20:23:37 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{42E85B89-491C-413B-833F-0FD39288D219}\MpKslf81a49d2.sys -- (MpKslf81a49d2)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2007/07/16 14:56:36 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
    DRV - [2006/12/20 01:14:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
    DRV - [2006/10/19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2006/10/13 17:04:30 | 001,966,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
    DRV - [2006/08/28 22:12:00 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2006/08/28 22:11:00 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2006/08/28 22:10:00 | 000,728,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/02/17 10:26:14 | 001,298,944 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctmmfilt.sys -- (ctmmfilt)
    DRV - [2005/02/17 10:19:16 | 000,339,984 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2005/02/17 10:18:20 | 000,410,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2005/02/17 10:18:18 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2005/02/17 10:18:16 | 000,704,000 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
    DRV - [2005/02/17 10:18:14 | 000,172,032 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
    DRV - [2005/02/17 10:18:14 | 000,148,480 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
    DRV - [2005/02/17 10:18:12 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2005/02/17 10:18:10 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2005/02/17 10:18:10 | 000,071,680 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2005/02/17 10:18:08 | 000,497,664 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2003/12/01 02:44:12 | 000,054,792 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\par1284.sys -- (PAR1284)
    DRV - [2003/12/01 02:44:12 | 000,013,824 | ---- | M] (Corex Technologies Corp.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ppnt.sys -- (PPNT)
    DRV - [2003/05/22 00:32:30 | 000,008,448 | ---- | M] (CYPRESS Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\slcorex.sys -- (CorexCardScan)
    DRV - [2001/08/17 12:10:56 | 000,024,653 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el574nd4.sys -- (EL3C574)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-117609710-1715567821-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\S-1-5-21-117609710-1715567821-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-117609710-1715567821-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 90 B4 83 27 F7 CB 01 [binary data]
    IE - HKU\S-1-5-21-117609710-1715567821-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2011/04/09 19:14:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-117609710-1715567821-725345543-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKU\.DEFAULT..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\menezesa\Start Menu\Programs\Startup\Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe (Stardust Software)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-117609710-1715567821-725345543-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-117609710-1715567821-725345543-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-117609710-1715567821-725345543-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-117609710-1715567821-725345543-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://mymail.drakausa.com/iNotes6W.cab (iNotes6 Class)
    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/59.15/uploader2.cab (UploadListView Class)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1194977416857 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195505436639 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://am.sa.draka.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\WINDOWS\Draka USA Desktop Background 1024 x 768.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Draka USA Desktop Background 1024 x 768.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/02/13 18:58:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
    Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
    Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/09 21:33:48 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\gary\Desktop\OTL.exe
    [2011/04/09 21:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Local Settings\Application Data\Adobe
    [2011/04/09 21:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Local Settings\Application Data\Scansoft
    [2011/04/09 20:07:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/04/09 20:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Application Data\GlarySoft
    [2011/04/09 19:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/04/09 19:21:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/04/09 19:04:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/09 19:04:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/09 19:04:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/09 19:04:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/09 19:04:29 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/09 18:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Application Data\SUPERAntiSpyware.com
    [2011/04/09 18:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/04/09 18:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/04/09 18:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/04/09 18:02:12 | 010,846,616 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\gary\Desktop\SUPERAntiSpyware.exe
    [2011/04/09 14:37:08 | 000,000,000 | ---D | C] -- C:\oldvirus
    [2011/04/09 07:30:07 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\1galmb.exe
    [2011/04/08 22:33:57 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\2Copy of mbam-setup-1.50.1.1100.exe
    [2011/04/08 22:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Application Data\Malwarebytes
    [2011/04/08 22:20:16 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/04/08 22:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Application Data\Adobe
    [2011/04/08 22:17:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\gary\PrivacIE
    [2011/04/08 22:17:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\gary\IETldCache
    [2011/04/08 22:16:06 | 000,000,000 | --SD | C] -- C:\Documents and Settings\gary\Application Data\Microsoft
    [2011/04/08 22:16:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gary\Start Menu\Programs\Startup
    [2011/04/08 22:16:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gary\Start Menu
    [2011/04/08 22:16:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gary\SendTo
    [2011/04/08 22:16:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gary\Application Data
    [2011/04/08 22:16:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gary\Start Menu\Programs\Accessories
    [2011/04/08 22:16:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\gary\Cookies
    [2011/04/08 22:16:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\gary\Local Settings
    [2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Templates
    [2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Local Settings\Application Data\Symantec
    [2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Recent
    [2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\PrintHood
    [2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\NetHood
    [2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\My Documents
    [2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Local Settings\Application Data\Microsoft
    [2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Application Data\Macromedia
    [2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Application Data\InstallShield
    [2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Application Data\Identities
    [2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Favorites
    [2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Desktop
    [2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Start Menu\Programs\CtrlInstaller
    [2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Local Settings\Application Data\BVRP Software
    [2011/04/06 00:25:47 | 000,000,000 | ---D | C] -- D:\My Documents\Adobe
    [2011/04/06 00:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2011/04/05 23:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2011/04/05 11:06:17 | 000,000,000 | ---D | C] -- D:\My Documents\Scan
    [2008/03/19 17:28:33 | 000,032,768 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
    [2005/02/17 10:18:06 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE

    ========== Files - Modified Within 30 Days ==========

    [2011/04/09 21:33:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gary\Desktop\OTL.exe
    [2011/04/09 21:31:46 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
    [2011/04/09 21:31:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/09 21:31:42 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2011/04/09 21:31:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2011/04/09 21:31:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2011/04/09 21:10:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1715567821-725345543-1005UA.job
    [2011/04/09 20:16:56 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/04/09 20:11:45 | 2137,509,888 | -HS- | M] () -- C:\hiberfil.sys
    [2011/04/09 20:11:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/09 20:09:59 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2011/04/09 20:02:46 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\gary\Desktop\Glary Utilities.lnk
    [2011/04/09 19:14:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/04/09 19:03:18 | 004,317,630 | R--- | M] () -- C:\Documents and Settings\gary\Desktop\ComboFix.exe
    [2011/04/09 19:00:47 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\gary\Desktop\MBRCheck.exe
    [2011/04/09 18:02:47 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/04/09 18:00:02 | 010,846,616 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\gary\Desktop\SUPERAntiSpyware.exe
    [2011/04/09 15:42:38 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/04/08 22:56:14 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/08 22:54:00 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\1galmb.exe
    [2011/04/08 22:20:17 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/04/08 22:20:17 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\2Copy of mbam-setup-1.50.1.1100.exe
    [2011/04/08 22:16:11 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\gary\ntuser.pol
    [2011/04/08 22:01:37 | 000,000,268 | ---- | M] () -- C:\sqmdata07.sqm
    [2011/04/08 22:01:37 | 000,000,244 | ---- | M] () -- C:\sqmnoopt07.sqm
    [2011/04/08 21:38:56 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~20373300r
    [2011/04/08 21:38:56 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~20373300
    [2011/04/08 21:38:53 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20373300
    [2011/04/08 12:10:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1715567821-725345543-1005Core.job
    [2011/04/07 19:52:21 | 000,000,244 | ---- | M] () -- C:\sqmnoopt06.sqm
    [2011/04/07 19:52:21 | 000,000,232 | ---- | M] () -- C:\sqmdata06.sqm
    [2011/04/07 19:52:10 | 000,000,244 | ---- | M] () -- C:\sqmnoopt05.sqm
    [2011/04/07 19:52:10 | 000,000,232 | ---- | M] () -- C:\sqmdata05.sqm
    [2011/04/07 19:32:57 | 000,000,244 | ---- | M] () -- C:\sqmnoopt04.sqm
    [2011/04/07 19:32:57 | 000,000,232 | ---- | M] () -- C:\sqmdata04.sqm
    [2011/04/07 19:30:51 | 000,000,244 | ---- | M] () -- C:\sqmnoopt03.sqm
    [2011/04/07 19:30:51 | 000,000,232 | ---- | M] () -- C:\sqmdata03.sqm
    [2011/04/07 02:00:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-COMPUTERROOM-sak.job
    [2011/04/06 22:40:37 | 000,000,268 | ---- | M] () -- C:\sqmdata02.sqm
    [2011/04/06 22:40:37 | 000,000,244 | ---- | M] () -- C:\sqmnoopt02.sqm
    [2011/04/06 21:23:56 | 000,000,268 | ---- | M] () -- C:\sqmdata01.sqm
    [2011/04/06 21:23:56 | 000,000,244 | ---- | M] () -- C:\sqmnoopt01.sqm
    [2011/04/06 07:40:43 | 000,228,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/06 01:21:11 | 000,000,268 | ---- | M] () -- C:\sqmdata00.sqm
    [2011/04/06 01:21:11 | 000,000,244 | ---- | M] () -- C:\sqmnoopt00.sqm
    [2011/04/05 23:27:06 | 000,001,657 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 9.lnk
    [2011/04/05 01:01:34 | 000,000,268 | ---- | M] () -- C:\sqmdata19.sqm
    [2011/04/05 01:01:34 | 000,000,244 | ---- | M] () -- C:\sqmnoopt19.sqm
    [2011/04/01 02:39:52 | 000,000,268 | ---- | M] () -- C:\sqmdata18.sqm
    [2011/04/01 02:39:52 | 000,000,244 | ---- | M] () -- C:\sqmnoopt18.sqm
    [2011/03/31 01:30:06 | 000,000,268 | ---- | M] () -- C:\sqmdata17.sqm
    [2011/03/31 01:30:06 | 000,000,244 | ---- | M] () -- C:\sqmnoopt17.sqm
    [2011/03/30 00:49:01 | 000,000,268 | ---- | M] () -- C:\sqmdata16.sqm
    [2011/03/30 00:49:01 | 000,000,244 | ---- | M] () -- C:\sqmnoopt16.sqm
    [2011/03/29 01:40:21 | 000,000,268 | ---- | M] () -- C:\sqmdata15.sqm
    [2011/03/29 01:40:20 | 000,000,244 | ---- | M] () -- C:\sqmnoopt15.sqm
    [2011/03/28 01:14:20 | 000,000,268 | ---- | M] () -- C:\sqmdata14.sqm
    [2011/03/28 01:14:20 | 000,000,244 | ---- | M] () -- C:\sqmnoopt14.sqm
    [2011/03/26 00:21:29 | 000,000,268 | ---- | M] () -- C:\sqmdata13.sqm
    [2011/03/26 00:21:28 | 000,000,244 | ---- | M] () -- C:\sqmnoopt13.sqm
    [2011/03/24 23:35:22 | 000,000,268 | ---- | M] () -- C:\sqmdata12.sqm
    [2011/03/24 23:35:21 | 000,000,244 | ---- | M] () -- C:\sqmnoopt12.sqm
    [2011/03/24 00:48:44 | 000,000,268 | ---- | M] () -- C:\sqmdata11.sqm
    [2011/03/24 00:48:44 | 000,000,244 | ---- | M] () -- C:\sqmnoopt11.sqm
    [2011/03/23 00:31:04 | 000,000,268 | ---- | M] () -- C:\sqmdata10.sqm
    [2011/03/23 00:31:04 | 000,000,244 | ---- | M] () -- C:\sqmnoopt10.sqm
    [2011/03/21 08:55:27 | 000,000,268 | ---- | M] () -- C:\sqmdata09.sqm
    [2011/03/21 08:55:27 | 000,000,244 | ---- | M] () -- C:\sqmnoopt09.sqm
    [2011/03/13 08:46:31 | 000,439,608 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/03/13 08:46:31 | 000,069,920 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/03/11 04:15:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
     
  9. houston10s


    Part 2 of otl.txt follows:


    ========== Files Created - No Company Name ==========

    [2011/04/09 20:10:01 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
    [2011/04/09 20:10:01 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    [2011/04/09 20:02:46 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\gary\Desktop\Glary Utilities.lnk
    [2011/04/09 19:04:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/09 19:04:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/09 19:04:51 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/09 19:04:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/09 19:04:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/09 19:03:18 | 004,317,630 | R--- | C] () -- C:\Documents and Settings\gary\Desktop\ComboFix.exe
    [2011/04/09 19:00:47 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\gary\Desktop\MBRCheck.exe
    [2011/04/09 18:02:47 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/04/09 15:42:16 | 2137,509,888 | -HS- | C] () -- C:\hiberfil.sys
    [2011/04/08 22:56:14 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/08 22:16:11 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\gary\ntuser.pol
    [2011/04/08 22:16:08 | 000,001,681 | ---- | C] () -- C:\Documents and Settings\gary\Desktop\Business Systems.lnk
    [2011/04/08 22:16:08 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/04/08 22:16:08 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2011/04/08 22:16:06 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\gary\Start Menu\Programs\Remote Assistance.lnk
    [2011/04/08 22:16:06 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\gary\Start Menu\Programs\Internet Explorer.lnk
    [2011/04/08 22:16:06 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\gary\Start Menu\Programs\Windows Media Player.lnk
    [2011/04/08 22:16:06 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\gary\Start Menu\Programs\Outlook Express.lnk
    [2011/04/08 21:38:56 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~20373300r
    [2011/04/08 21:38:56 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~20373300
    [2011/04/08 21:38:53 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\20373300
    [2011/04/05 23:36:11 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-COMPUTERROOM-sak.job
    [2011/04/05 23:32:51 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
    [2011/04/05 23:32:37 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
    [2011/04/05 23:27:06 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Elements 9.lnk
    [2011/04/05 23:27:06 | 000,001,657 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 9.lnk
    [2011/02/25 15:11:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/09 22:54:47 | 000,000,315 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2010/12/09 22:54:47 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2010/12/09 22:54:23 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2010/12/09 22:53:09 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
    [2010/12/09 22:52:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
    [2010/12/09 22:49:17 | 000,031,830 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2010/06/29 22:06:58 | 000,339,536 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009/10/11 21:35:24 | 000,044,324 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2008/10/30 07:34:31 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2008/09/17 06:50:47 | 000,000,099 | ---- | C] () -- C:\WINDOWS\notesnsd.ini
    [2008/08/04 13:14:58 | 000,000,961 | ---- | C] () -- C:\WINDOWS\unins000.dat
    [2008/07/19 10:53:45 | 000,000,250 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
    [2008/07/18 16:09:41 | 000,002,266 | ---- | C] () -- C:\WINDOWS\saplogon.ini
    [2008/07/18 10:46:57 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
    [2008/07/14 20:22:46 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/03/23 17:59:13 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
    [2008/03/23 17:59:13 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
    [2008/03/19 17:28:39 | 000,265,066 | R--- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
    [2008/03/19 17:28:38 | 000,140,643 | R--- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
    [2008/03/19 17:28:32 | 000,313,207 | R--- | C] () -- C:\WINDOWS\System32\ctstatic.dat
    [2008/03/19 17:28:32 | 000,053,932 | R--- | C] () -- C:\WINDOWS\System32\ctdaught.dat
    [2008/03/19 17:28:31 | 000,222,368 | R--- | C] () -- C:\WINDOWS\System32\ctdlang.dat
    [2008/01/27 08:28:08 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/01/27 08:28:08 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/01/26 18:10:01 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    [2008/01/26 18:05:05 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\People
    [2008/01/26 18:05:05 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
    [2008/01/24 09:44:08 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    [2007/11/14 13:51:51 | 000,090,112 | ---- | C] () -- C:\WINDOWS\TIRHService.exe
    [2007/10/12 18:00:54 | 000,002,850 | ---- | C] () -- C:\WINDOWS\System32\DWRCS.INI
    [2007/10/12 13:30:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CPC10Q.INI
    [2007/10/11 22:47:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2007/10/11 22:45:43 | 000,117,132 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
    [2007/10/11 22:24:16 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2007/03/05 09:36:38 | 000,000,106 | ---- | C] () -- C:\WINDOWS\MR2000EX.INI
    [2007/02/21 12:14:08 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Bisfax.ini
    [2007/02/16 13:12:35 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2007/02/16 10:13:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/02/16 09:28:32 | 000,000,806 | ---- | C] () -- C:\WINDOWS\EPFax.INI
    [2007/02/16 09:28:32 | 000,000,049 | ---- | C] () -- C:\WINDOWS\mailroom.ini
    [2007/02/16 09:28:20 | 000,000,167 | ---- | C] () -- C:\WINDOWS\READIRIS.INI
    [2007/02/16 09:27:41 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\MRSPLNT.DLL
    [2007/02/16 09:27:37 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\MRINST.DLL
    [2007/02/16 09:27:35 | 000,008,898 | ---- | C] () -- C:\WINDOWS\MR2000.INI
    [2007/02/16 09:19:50 | 000,000,041 | ---- | C] () -- C:\WINDOWS\CSERVE.INI
    [2007/02/14 15:34:08 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
    [2007/02/14 15:34:08 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
    [2007/02/14 15:21:57 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
    [2007/02/14 00:44:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/02/14 00:43:23 | 000,228,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2007/02/13 19:00:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2007/02/13 18:55:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/05/05 19:17:20 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
    [2006/01/26 15:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/12/22 13:05:46 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
    [2005/11/11 01:33:00 | 000,073,782 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
    [2005/02/17 10:24:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
    [2005/02/17 10:24:20 | 000,030,720 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
    [2005/02/17 10:23:16 | 000,033,280 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
    [2005/02/17 10:18:32 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
    [2005/02/17 10:18:30 | 000,231,821 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
    [2005/02/17 10:18:08 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
    [2005/02/17 10:13:20 | 000,032,343 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
    [2005/02/17 10:13:18 | 000,000,055 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 07:00:00 | 000,439,608 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 07:00:00 | 000,069,920 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/06/24 14:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [2003/03/21 04:56:12 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/08/09 14:27:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\FSScrCtlU.exe
    [2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [1998/12/24 11:42:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\biscomns.dll
    [1997/11/23 12:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\cdo32.dll

    ========== LOP Check ==========

    [2011/03/09 18:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aMoNaKn06300
    [2008/01/26 18:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Console
    [2008/01/26 18:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2011/04/06 00:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2011/03/08 20:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fPoMiHl06300
    [2009/07/20 21:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GbPlugin
    [2008/01/26 20:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2008/01/26 18:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
    [2008/03/23 17:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2011/04/06 00:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2010/12/24 12:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2008/03/23 17:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
    [2008/01/26 18:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2011/02/02 17:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
    [2011/04/09 20:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\GlarySoft
    [2008/07/19 10:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Juniper Networks
    [2007/10/11 15:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\AbsoluteTelnet
    [2007/10/12 13:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\Blackberry Desktop
    [2008/08/02 11:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\GARMIN
    [2007/11/26 21:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\Image Zone Express
    [2008/07/22 13:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\Juniper Networks
    [2007/11/07 06:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\Leadertech
    [2008/01/26 20:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\muvee Technologies
    [2008/01/26 18:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\Nikon
    [2008/07/18 13:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\OfficeUpdate12
    [2008/06/22 19:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\pdf995
    [2008/01/17 09:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\Research In Motion
    [2008/03/23 17:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\TaxCut
    [2011/02/02 09:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Juniper Networks
    [2009/03/05 21:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sak\Application Data\AbsoluteTelnet
    [2011/02/04 14:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sak\Application Data\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
    [2010/02/14 19:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sak\Application Data\Facebook
    [2010/07/23 22:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sak\Application Data\GlarySoft
    [2011/02/04 13:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sak\Application Data\Nikon
    [2010/08/27 18:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sak\Application Data\Octoshape
    [2010/12/21 17:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sak\Application Data\PC-FAX TX
    [2011/02/02 17:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sak\Application Data\ScanSoft
    [2011/02/02 17:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sak\Application Data\Zeon
    [2011/04/09 21:31:42 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
    [2011/04/09 20:16:56 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2011/04/09 21:31:46 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/02/13 18:58:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/02/21 21:20:13 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/04/09 20:09:59 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2011/04/09 19:18:38 | 000,016,981 | ---- | M] () -- C:\ComboFix.txt
    [2007/02/13 18:58:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/03/09 09:50:59 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
    [2011/04/09 20:11:45 | 2137,509,888 | -HS- | M] () -- C:\hiberfil.sys
    [2008/07/31 19:53:45 | 000,115,224 | ---- | M] () -- C:\img2-001.raw
    [2008/09/07 10:45:23 | 000,115,224 | ---- | M] () -- C:\img2-002.raw
    [2007/02/13 18:58:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/07/25 17:14:10 | 000,008,516 | ---- | M] () -- C:\JavaRa.log
    [2007/02/13 18:58:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/07/18 10:28:31 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/04/09 20:11:43 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/04/06 01:21:11 | 000,000,268 | ---- | M] () -- C:\sqmdata00.sqm
    [2011/04/06 21:23:56 | 000,000,268 | ---- | M] () -- C:\sqmdata01.sqm
    [2011/04/06 22:40:37 | 000,000,268 | ---- | M] () -- C:\sqmdata02.sqm
    [2011/04/07 19:30:51 | 000,000,232 | ---- | M] () -- C:\sqmdata03.sqm
    [2011/04/07 19:32:57 | 000,000,232 | ---- | M] () -- C:\sqmdata04.sqm
    [2011/04/07 19:52:10 | 000,000,232 | ---- | M] () -- C:\sqmdata05.sqm
    [2011/04/07 19:52:21 | 000,000,232 | ---- | M] () -- C:\sqmdata06.sqm
    [2011/04/08 22:01:37 | 000,000,268 | ---- | M] () -- C:\sqmdata07.sqm
    [2011/04/09 21:31:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2011/03/21 08:55:27 | 000,000,268 | ---- | M] () -- C:\sqmdata09.sqm
    [2011/03/23 00:31:04 | 000,000,268 | ---- | M] () -- C:\sqmdata10.sqm
    [2011/03/24 00:48:44 | 000,000,268 | ---- | M] () -- C:\sqmdata11.sqm
    [2011/03/24 23:35:22 | 000,000,268 | ---- | M] () -- C:\sqmdata12.sqm
    [2011/03/26 00:21:29 | 000,000,268 | ---- | M] () -- C:\sqmdata13.sqm
    [2011/03/28 01:14:20 | 000,000,268 | ---- | M] () -- C:\sqmdata14.sqm
    [2011/03/29 01:40:21 | 000,000,268 | ---- | M] () -- C:\sqmdata15.sqm
    [2011/03/30 00:49:01 | 000,000,268 | ---- | M] () -- C:\sqmdata16.sqm
    [2011/03/31 01:30:06 | 000,000,268 | ---- | M] () -- C:\sqmdata17.sqm
    [2011/04/01 02:39:52 | 000,000,268 | ---- | M] () -- C:\sqmdata18.sqm
    [2011/04/05 01:01:34 | 000,000,268 | ---- | M] () -- C:\sqmdata19.sqm
    [2011/04/06 01:21:11 | 000,000,244 | ---- | M] () -- C:\sqmnoopt00.sqm
    [2011/04/06 21:23:56 | 000,000,244 | ---- | M] () -- C:\sqmnoopt01.sqm
    [2011/04/06 22:40:37 | 000,000,244 | ---- | M] () -- C:\sqmnoopt02.sqm
    [2011/04/07 19:30:51 | 000,000,244 | ---- | M] () -- C:\sqmnoopt03.sqm
    [2011/04/07 19:32:57 | 000,000,244 | ---- | M] () -- C:\sqmnoopt04.sqm
    [2011/04/07 19:52:10 | 000,000,244 | ---- | M] () -- C:\sqmnoopt05.sqm
    [2011/04/07 19:52:21 | 000,000,244 | ---- | M] () -- C:\sqmnoopt06.sqm
    [2011/04/08 22:01:37 | 000,000,244 | ---- | M] () -- C:\sqmnoopt07.sqm
    [2011/04/09 21:31:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2011/03/21 08:55:27 | 000,000,244 | ---- | M] () -- C:\sqmnoopt09.sqm
    [2011/03/23 00:31:04 | 000,000,244 | ---- | M] () -- C:\sqmnoopt10.sqm
    [2011/03/24 00:48:44 | 000,000,244 | ---- | M] () -- C:\sqmnoopt11.sqm
    [2011/03/24 23:35:21 | 000,000,244 | ---- | M] () -- C:\sqmnoopt12.sqm
    [2011/03/26 00:21:28 | 000,000,244 | ---- | M] () -- C:\sqmnoopt13.sqm
    [2011/03/28 01:14:20 | 000,000,244 | ---- | M] () -- C:\sqmnoopt14.sqm
    [2011/03/29 01:40:20 | 000,000,244 | ---- | M] () -- C:\sqmnoopt15.sqm
    [2011/03/30 00:49:01 | 000,000,244 | ---- | M] () -- C:\sqmnoopt16.sqm
    [2011/03/31 01:30:06 | 000,000,244 | ---- | M] () -- C:\sqmnoopt17.sqm
    [2011/04/01 02:39:52 | 000,000,244 | ---- | M] () -- C:\sqmnoopt18.sqm
    [2011/04/05 01:01:34 | 000,000,244 | ---- | M] () -- C:\sqmnoopt19.sqm

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2007/02/13 18:57:48 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/04/10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
    [2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2008/02/01 11:11:10 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007/02/14 00:42:37 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2007/02/14 00:42:37 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2007/02/14 00:42:36 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/07/18 10:33:10 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007/02/15 16:26:46 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\gary\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2007/02/15 16:26:45 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/04/08 22:54:00 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\1galmb.exe
    [2011/04/08 22:20:17 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\2Copy of mbam-setup-1.50.1.1100.exe
    [2011/04/09 19:03:18 | 004,317,630 | R--- | M] () -- C:\Documents and Settings\gary\Desktop\ComboFix.exe
    [2011/04/08 22:20:17 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/04/09 19:00:47 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\gary\Desktop\MBRCheck.exe
    [2011/04/09 21:33:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gary\Desktop\OTL.exe
    [2011/04/09 18:00:02 | 010,846,616 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\gary\Desktop\SUPERAntiSpyware.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2006/09/11 18:59:36 | 000,013,023 | ---- | M] () -- C:\WINDOWS\VX3000.src

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/02/15 16:26:45 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\gary\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/01/24 12:03:25 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/04/09 21:31:45 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\gary\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2006/10/19 09:27:58 | 000,581,632 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
    [2 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 13:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 13:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 13:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  10. houston10s


    extras.txt follows:

    OTL Extras logfile created on: 4/9/2011 9:37:43 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\gary\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 24.41 Gb Total Space | 3.64 Gb Free Space | 14.93% Space Free | Partition Type: NTFS
    Drive D: | 31.47 Gb Total Space | 10.65 Gb Free Space | 33.85% Space Free | Partition Type: NTFS
    Drive G: | 488.00 Mb Total Space | 445.64 Mb Free Space | 91.32% Space Free | Partition Type: FAT

    Computer Name: COMPUTERROOM | User Name: gary | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "FirewallOverride" = 0
    "AntiVirusOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\WINDOWS\TIREMOTE\TIRemoteService.exe" = C:\WINDOWS\TIREMOTE\TIRemoteService.exe:*:Enabled:Track-It! Workstation Manager -- (Numara Software, Inc.)
    "C:\WINDOWS\TIREMOTE\wuser32.exe" = C:\WINDOWS\TIREMOTE\wuser32.exe:*:Enabled:Track-It! Remote Control -- (Intuit Track-It!)
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Documents and Settings\sak\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\sak\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
    "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
    "{070D1CA1-BF29-083F-2D1B-247B26CF9434}" = Picaboo X
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{12BE3620-38FB-11D5-8845-9FBAF344AF4E}" = eCopy Desktop
    "{182436FB-2417-4658-B733-0F2CB1B78AC8}" = FAXCOM for Domino - Client
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
    "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
    "{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{31FD9031-FA28-4F73-9FD1-D7E9997C41CE}" = Brother MFL-Pro Suite MFC-J410W
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
    "{42732288-A935-11D5-AB3E-000102B0F79A}" = ReadIRIS
    "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
    "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
    "{5B5B3D92-A765-4AD5-9752-30BA2C71C314}" = Lotus Notes 6.5.1
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{68E9F885-3B73-4884-A598-31FC2C7F8E63}" = Symantec Enterprise Vault Outlook Add-In
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
    "{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
    "{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
    "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
    "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
    "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{DCB63CEC-C6A3-4963-A5D0-6C03EE0CC08F}" = CardScan 6.0.6
    "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
    "{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
    "Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
    "AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.19
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
    "AVS4YOU Video Converter_is1" = AVS Video Converter 5.6
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
    "com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo X
    "ESET Online Scanner" = ESET Online Scanner v3
    "Glary Utilities_is1" = Glary Utilities 2.33.0.1158
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Juniper Network Connect 5.5.0" = Juniper Networks Network Connect 5.5.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Pdf995" = Pdf995 (installed by TaxCut)
    "PdfEdit995" = PdfEdit995 (installed by TaxCut)
    "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
    "Picasa 3" = Picasa 3
    "PictureProject In Touch Downloader" = PictureProject In Touch Downloader 1.0
    "Power Management Driver" = ThinkPad Power Management Driver
    "ProInst" = Intel(R) PROSet/Wireless Software
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "SynTPDeinstKey" = ThinkPad UltraNav Driver
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/13/2011 4:08:35 PM | Computer Name = COMPUTERROOM | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2011/03/13 15:08:35.484]: [00001496]: CUsbScnDev: DeviceIoControl()
    failed. ErrorCode = 5

    Error - 3/13/2011 4:08:36 PM | Computer Name = COMPUTERROOM | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2011/03/13 15:08:36.484]: [00001496]: CUsbScnDev: DeviceIoControl
    Illegal response

    Error - 3/13/2011 4:08:37 PM | Computer Name = COMPUTERROOM | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2011/03/13 15:08:37.484]: [00001496]: CUsbScnDev: DeviceIoControl
    Illegal response

    Error - 3/13/2011 4:08:38 PM | Computer Name = COMPUTERROOM | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2011/03/13 15:08:38.484]: [00001496]: CUsbScnDev: DeviceIoControl
    Illegal response

    Error - 3/13/2011 4:08:39 PM | Computer Name = COMPUTERROOM | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2011/03/13 15:08:39.484]: [00001496]: CUsbScnDev: DeviceIoControl
    Illegal response

    Error - 3/13/2011 4:08:40 PM | Computer Name = COMPUTERROOM | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2011/03/13 15:08:40.484]: [00001496]: CUsbScnDev: DeviceIoControl
    Illegal response

    Error - 3/13/2011 4:08:41 PM | Computer Name = COMPUTERROOM | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2011/03/13 15:08:41.500]: [00001496]: CUsbScnDev: DeviceIoControl
    Illegal response

    Error - 3/14/2011 9:00:22 PM | Computer Name = COMPUTERROOM | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2011/03/14 20:00:22.500]: [00001524]: CUsbScnDev: DeviceIoControl()
    failed. ErrorCode = 5

    Error - 3/25/2011 6:17:48 PM | Computer Name = COMPUTERROOM | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2011/03/25 17:17:48.015]: [00003176]: CUsbScnDev: DeviceIoControl()
    failed. ErrorCode = 5

    Error - 4/9/2011 6:55:45 PM | Computer Name = COMPUTERROOM | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2011/04/09 17:55:45.218]: [00000408]: CUsbScnDev: DeviceIoControl()
    failed. ErrorCode = 5

    [ System Events ]
    Error - 4/9/2011 4:42:28 PM | Computer Name = COMPUTERROOM | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 4/9/2011 4:42:28 PM | Computer Name = COMPUTERROOM | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%5

    Error - 4/9/2011 7:51:44 PM | Computer Name = COMPUTERROOM | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 4/9/2011 7:51:44 PM | Computer Name = COMPUTERROOM | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 4/9/2011 7:51:44 PM | Computer Name = COMPUTERROOM | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%5

    Error - 4/9/2011 8:04:51 PM | Computer Name = COMPUTERROOM | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 4/9/2011 8:04:51 PM | Computer Name = COMPUTERROOM | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%5

    Error - 4/9/2011 8:13:48 PM | Computer Name = COMPUTERROOM | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 4/9/2011 8:13:49 PM | Computer Name = COMPUTERROOM | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%5

    Error - 4/9/2011 9:12:11 PM | Computer Name = COMPUTERROOM | Source = Service Control Manager | ID = 7000
    Description = The MSCamSvc service failed to start due to the following error: %%2


    < End of report >
     
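The Extras log above is the part of an OTL report a responder reads for weak host settings: the Security Center overrides, whether each firewall profile is enabled, which ports are open to any address rather than the local subnet, and what the Service Control Manager's `%%N` placeholders in the event dump actually mean (they are Win32 error codes; `%%5` is ERROR_ACCESS_DENIED, `%%2` ERROR_FILE_NOT_FOUND, `%%126` ERROR_MOD_NOT_FOUND). Below is an added Python triage script for that job; it is not OTL's code and not part of any post in this thread. The parser, the rules and the helper names (`parse_registry_dump`, `parse_events`, `triage`) are the editor's, and `SAMPLE_LOG` is a constructed excerpt copied from the log above.

```python
"""Triage an OTL Extras.txt for weak security settings and service errors.

Added example for this thread, not OTL's code or anything posted here: parser,
rules and helper names are the editor's; SAMPLE_LOG is a constructed excerpt
copied from the Extras log above.
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = 0
"AntiVirusOverride" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

Error - 4/9/2011 4:42:28 PM | Computer Name = COMPUTERROOM | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 4/9/2011 7:51:44 PM | Computer Name = COMPUTERROOM | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 4/9/2011 9:12:11 PM | Computer Name = COMPUTERROOM | Source = Service Control Manager | ID = 7000
Description = The MSCamSvc service failed to start due to the following error: %%2
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
EVENT_RE = re.compile(r"^Error - .+? \| Computer Name = .+? \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
# Win32 error codes behind the %%N placeholders the Service Control Manager logs.
WIN32_ERRORS = {"2": "ERROR_FILE_NOT_FOUND", "5": "ERROR_ACCESS_DENIED", "126": "ERROR_MOD_NOT_FOUND"}
SC_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
FW_BASE = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"


def parse_registry_dump(text):
    """Map each [HKEY_...] block to its "name" = data pairs."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if m := KEY_RE.match(line):
            current = keys.setdefault(m.group(1), {})
        elif (m := VAL_RE.match(line)) and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return keys


def parse_events(text):
    """Collect 'Error - ...' entries; a description may wrap onto the lines after it."""
    lines = [l.strip() for l in text.splitlines()]
    events = []
    for i, line in enumerate(lines):
        m = EVENT_RE.match(line)
        if not m:
            continue
        desc = []
        for follow in lines[i + 1:]:  # description runs until a blank line or the next entry
            if not follow or EVENT_RE.match(follow):
                break
            desc.append(follow)
        description = " ".join(desc).replace("Description = ", "", 1)
        code = re.search(r"%%(\d+)", description)
        events.append({"source": m.group("source"), "id": int(m.group("id")), "description": description,
                       "win32_error": WIN32_ERRORS.get(code.group(1)) if code else None})
    return events


def triage(keys, events):
    """Return (severity, finding) pairs a responder would review first."""
    findings = []
    sc = keys.get(SC_KEY, {})
    for name in ("AntiVirusOverride", "FirewallOverride"):
        if sc.get(name) == "1":
            findings.append(("high", f"Security Center: {name}=1, status monitoring overridden"))
    for profile in ("DomainProfile", "StandardProfile"):
        if keys.get(f"{FW_BASE}\\{profile}", {}).get("EnableFirewall") == "0":
            findings.append(("high", f"Firewall {profile}: EnableFirewall=0"))
        ports = keys.get(f"{FW_BASE}\\{profile}\\GloballyOpenPorts\\List", {})
        for name, data in ports.items():
            fields = data.split(":")  # port:proto:scope:state:@resource; scope '*' means any address
            if len(fields) > 3 and fields[3] == "Enabled" and fields[2] == "*":
                findings.append(("medium", f"Firewall {profile}: {name} open to any address"))
    for e in events:
        if e["win32_error"]:
            sev = "high" if e["win32_error"] == "ERROR_ACCESS_DENIED" else "low"
            findings.append((sev, f"{e['source']} {e['id']}: {e['description']} -> {e['win32_error']}"))
    return findings


if __name__ == "__main__":
    for severity, finding in triage(parse_registry_dump(SAMPLE_LOG), parse_events(SAMPLE_LOG)):
        print(f"[{severity:6}] {finding}")
```

Run against the excerpt it reports the AntiVirusOverride, the disabled Domain profile with 139/TCP and 445/TCP open to any address, and the System Restore service terminating with access denied; the Standard profile's LocalSubNet entry is correctly left alone. To use it on a real report, replace `SAMPLE_LOG` with the contents of `Extras.txt`.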
  11. Broni

    Broni Malware Annihilator Posts: 47,980   +271

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      [2011/04/08 21:38:56 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~20373300r
      [2011/04/08 21:38:56 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~20373300
      [2011/04/08 21:38:53 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20373300
      [2011/03/09 18:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aMoNaKn06300
      [2011/03/08 20:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fPoMiHl06300
      
      
      :Services
      
      :Reg
      
      :Files
      C:\*.sqm
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
     
  12. houston10s

    houston10s TS Rookie Topic Starter Posts: 28

    As per your instructions, the OTL, Security Check, and ESETScan (found 1 trojan virus) logs are pasted below:

    All processes killed
    ========== OTL ==========
    HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    C:\Documents and Settings\All Users\Application Data\~20373300r moved successfully.
    C:\Documents and Settings\All Users\Application Data\~20373300 moved successfully.
    C:\Documents and Settings\All Users\Application Data\20373300 moved successfully.
    Folder C:\Documents and Settings\All Users\Application Data\aMoNaKn06300\ not found.
    Folder C:\Documents and Settings\All Users\Application Data\fPoMiHl06300\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\sqmdata00.sqm moved successfully.
    C:\sqmdata01.sqm moved successfully.
    C:\sqmdata02.sqm moved successfully.
    C:\sqmdata03.sqm moved successfully.
    C:\sqmdata04.sqm moved successfully.
    C:\sqmdata05.sqm moved successfully.
    C:\sqmdata06.sqm moved successfully.
    C:\sqmdata07.sqm moved successfully.
    C:\sqmdata08.sqm moved successfully.
    C:\sqmdata09.sqm moved successfully.
    C:\sqmdata10.sqm moved successfully.
    C:\sqmdata11.sqm moved successfully.
    C:\sqmdata12.sqm moved successfully.
    C:\sqmdata13.sqm moved successfully.
    C:\sqmdata14.sqm moved successfully.
    C:\sqmdata15.sqm moved successfully.
    C:\sqmdata16.sqm moved successfully.
    C:\sqmdata17.sqm moved successfully.
    C:\sqmdata18.sqm moved successfully.
    C:\sqmdata19.sqm moved successfully.
    C:\sqmnoopt00.sqm moved successfully.
    C:\sqmnoopt01.sqm moved successfully.
    C:\sqmnoopt02.sqm moved successfully.
    C:\sqmnoopt03.sqm moved successfully.
    C:\sqmnoopt04.sqm moved successfully.
    C:\sqmnoopt05.sqm moved successfully.
    C:\sqmnoopt06.sqm moved successfully.
    C:\sqmnoopt07.sqm moved successfully.
    C:\sqmnoopt08.sqm moved successfully.
    C:\sqmnoopt09.sqm moved successfully.
    C:\sqmnoopt10.sqm moved successfully.
    C:\sqmnoopt11.sqm moved successfully.
    C:\sqmnoopt12.sqm moved successfully.
    C:\sqmnoopt13.sqm moved successfully.
    C:\sqmnoopt14.sqm moved successfully.
    C:\sqmnoopt15.sqm moved successfully.
    C:\sqmnoopt16.sqm moved successfully.
    C:\sqmnoopt17.sqm moved successfully.
    C:\sqmnoopt18.sqm moved successfully.
    C:\sqmnoopt19.sqm moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: DrakaITAdministrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: gary
    ->Temp folder emptied: 558116 bytes
    ->Temporary Internet Files folder emptied: 15791426 bytes
    ->Flash cache emptied: 456 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: menezesa
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 6758 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    User: sak
    ->Temp folder emptied: 4633 bytes
    ->Temporary Internet Files folder emptied: 6291408 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 5987834 bytes
    ->Flash cache emptied: 635 bytes

    User: trackitadmin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 14869 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 2140 bytes

    Total Files Cleaned = 27.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: DrakaITAdministrator
    ->Flash cache emptied: 0 bytes

    User: gary
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: menezesa
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: sak
    ->Flash cache emptied: 0 bytes

    User: trackitadmin

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04092011_223619

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\gary\Local Settings\Temp\~DFB153.tmp not found!
    File\Folder C:\Documents and Settings\gary\Local Settings\Temp\~DFB15F.tmp not found!
    File\Folder C:\Documents and Settings\gary\Local Settings\Temp\~DFB1C2.tmp not found!
    File\Folder C:\Documents and Settings\gary\Local Settings\Temp\~DFB1D0.tmp not found!
    File\Folder C:\Documents and Settings\gary\Local Settings\Temp\~DFB202.tmp not found!
    File\Folder C:\Documents and Settings\gary\Local Settings\Temp\~DFB217.tmp not found!
    C:\Documents and Settings\gary\Local Settings\Temporary Internet Files\Content.IE5\VMM7P7WX\crosspixel-dest[1].htm moved successfully.
    C:\Documents and Settings\gary\Local Settings\Temporary Internet Files\Content.IE5\VMM7P7WX\sh38[1].html moved successfully.
    C:\Documents and Settings\gary\Local Settings\Temporary Internet Files\Content.IE5\CN8ORI2X\topic163660[3].html moved successfully.

    Registry entries deleted on Reboot...


    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    Microsoft Security Essentials
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 8.1.3
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    ``````````End of Log````````````


    EstScan
    C:\System Volume Information\_restore{FA875E9E-119A-47CB-96BC-8E05860641D8}\RP158\A0009426.exe a variant of Win32/Kryptik.MLF trojan
     
  13. Broni

    Broni Malware Annihilator Posts: 47,980   +271

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    Eset finding is in one of your restore points, which we're about to reset.

    ====================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
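As an added example (not part of this thread, and not code from ESET, OTL or any other tool named here), a small Python triage helper that reads ESET Online Scanner result lines in the format posted above and tells a live detection apart from one sitting inside a Windows XP System Restore point (`System Volume Information\_restore{GUID}\RPnnn\`) or the IE cache, which is why the reply above treats the Kryptik hit as a restore-point leftover rather than an active infection. The two extra sample lines and their threat names are constructed placeholders.

```python
import re
from dataclasses import dataclass

# ESET Online Scanner result lines read "<path> <threat description>"; the threat text
# looks like "a variant of Win32/Kryptik.MLF trojan" (family names carry a '/').
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<threat>(?:probably )?(?:a variant of )?\S+/\S+.*)$"
)
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)
IE_CACHE = re.compile(r"\\Temporary Internet Files\\Content\.IE5\\", re.I)

REMEDIATION = {
    "restore_point": "inert until that restore point is applied; clear all restore points "
                     "(as the OTL [CLEARALLRESTOREPOINTS] step does) and create a fresh one",
    "ie_cache": "cached web content, not a program; empty temporary files (OTL [emptytemp] / TFC)",
    "live": "file in an active location; quarantine it and look for a persistence entry",
}

@dataclass
class Finding:
    path: str
    threat: str
    location: str  # "restore_point", "ie_cache" or "live"
    remediation: str

def classify_path(path: str) -> str:
    """Decide where on disk a detected file sits; that decides the remediation."""
    if RESTORE_POINT.search(path):
        return "restore_point"
    if IE_CACHE.search(path):
        return "ie_cache"
    return "live"

def parse_eset_report(text: str) -> list:
    """Turn raw scanner output into Findings; non-detection lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = ESET_LINE.match(line.strip())
        if m:
            loc = classify_path(m["path"])
            findings.append(Finding(m["path"], m["threat"], loc, REMEDIATION[loc]))
    return findings

# Constructed sample: line 1 is the ESET hit posted in this thread; lines 2 and 3 are
# made up in the same format with placeholder file and threat names.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{FA875E9E-119A-47CB-96BC-8E05860641D8}\RP158\A0009426.exe a variant of Win32/Kryptik.MLF trojan
C:\Documents and Settings\gary\Local Settings\Temporary Internet Files\Content.IE5\VMM7P7WX\ad[1].htm JS/Example.Placeholder trojan
C:\WINDOWS\system32\example-placeholder.dll probably a variant of Win32/Example.Placeholder trojan
"""
```

Calling `parse_eset_report(SAMPLE_REPORT)` yields three findings whose `location` fields are `restore_point`, `ie_cache` and `live` respectively, each paired with the matching cleanup advice.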
     
  14. Broni

    Broni Malware Annihilator Posts: 47,980   +271

    The issue seems to be resolved.
     
Topic Status:
Not open for further replies.

