TechSpot

Windows cannot access the specified device path or file

Solved
By Batrico
Feb 3, 2012
  1. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    ComboFix 12-02-03.02 - Shel 02/06/2012 17:17:26.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.160 [GMT 0:00]
    Running from: c:\documents and settings\Shel\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-05 20:34 . 2012-02-05 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-02-05 20:34 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-05 20:34 . 2012-02-05 20:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-03 22:09 . 2012-02-05 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA
    2012-02-03 22:01 . 2012-02-03 22:01 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2012-02-02 23:41 . 2012-02-02 23:41 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-02-02 23:20 . 2012-02-02 23:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenOffice.org
    2012-02-02 22:41 . 2012-02-02 22:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2012-02-02 19:13 . 2012-02-03 20:16 -------- d-----w- c:\documents and settings\Shel
    2012-02-02 18:11 . 2012-02-02 23:40 -------- d-s---w- c:\documents and settings\Peter
    2012-01-17 21:00 . 2012-01-17 21:00 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-19 18:59 . 2011-12-19 18:59 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-12-19 18:59 . 2011-12-19 18:59 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-12-19 18:59 . 2011-12-19 18:59 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-12-19 18:58 . 2011-11-03 23:34 33984 ----a-w- c:\windows\system32\cmdcsr.dll
    2011-12-19 18:58 . 2010-06-01 18:00 301224 ----a-w- c:\windows\system32\guard32.dll
    2011-11-25 21:57 . 2004-08-10 12:51 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2004-08-10 12:51 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2004-08-10 12:51 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21 . 2004-08-10 12:51 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21 . 2004-08-10 12:51 152064 ----a-w- c:\windows\system32\schannel.dll
    2012-01-29 15:55 . 2012-02-03 19:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-02-03_20.38.35 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-06 08:31 . 2012-02-06 08:31 16384 c:\windows\Temp\Perflib_Perfdata_a18.dat
    + 2006-12-12 16:05 . 2012-02-06 08:30 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2006-12-12 16:05 . 2012-02-06 08:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2006-12-12 16:05 . 2012-01-14 21:57 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2006-12-12 16:21 . 2012-02-03 22:08 55968 c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    + 2012-02-03 22:07 . 2012-02-06 08:30 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2012-02-03 22:03 . 2012-02-03 22:03 8716288 c:\windows\Installer\df6b9.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-16 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
    "CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
    .
    c:\documents and settings\Shel\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
    backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Shel^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
    path=c:\documents and settings\Shel\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    2006-08-23 16:14 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2005-12-09 20:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2006-12-09 08:36 236544 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-03-30 09:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
    2003-09-10 02:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-11-16 17:32 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
    "10426:UDP"= 10426:UDP:SingleClick ICC
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/14/2011 11:12 PM 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/5/2009 4:31 PM 309848]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/17/2012 9:00 PM 494968]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/19/2011 6:59 PM 31704]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/5/2009 4:31 PM 19544]
    R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [11/23/2011 10:27 AM 1052472]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 10:26 PM 135664]
    S3 cpuz;cpuz;\??\e:\aaaaa\tests\cpuz\cpuz.sys --> e:\aaaaa\tests\cpuz\cpuz.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 10:26 PM 135664]
    S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 22:26]
    .
    2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 22:26]
    .
    2008-02-01 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    - c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 23:52]
    .
    2012-02-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
    .
    2010-05-18 c:\windows\Tasks\XoftSpySE.job
    - c:\program files\XoftSpySE\XoftSpy.exe [2006-06-19 15:35]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    FF - ProfilePath - c:\documents and settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-06 17:32
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwClose
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(728)
    c:\windows\system32\guard32.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\System32\BCMLogon.dll
    .
    - - - - - - - > 'lsass.exe'(784)
    c:\windows\system32\guard32.dll
    .
    - - - - - - - > 'explorer.exe'(3052)
    c:\windows\system32\WININET.dll
    c:\windows\system32\guard32.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    - - - - - - - > 'csrss.exe'(696)
    c:\windows\system32\cmdcsr.dll
    .
    Completion time: 2012-02-06 17:38:27
    ComboFix-quarantined-files.txt 2012-02-06 17:38
    ComboFix2.txt 2012-02-03 21:00
    .
    Pre-Run: 23,863,799,808 bytes free
    Post-Run: 23,850,733,568 bytes free
    .
    - - End Of File - - 3D8CF92004A610F775D540366E93011D
  2. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 02/06/2012 at 17:46:13.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:

    C:\WINDOWS\system32\notepad.exe


    Rkill completed on 02/06/2012 at 17:47:21.
  3. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Looks clean.

    How is the computer doing?

    Uninstall Ask Toolbar, typical foistware.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  4. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    What does the top mean? I got rkill to work.
  5. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Please read my previous reply.
  6. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    OTL logfile created on: 2/6/2012 6:07:18 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Shel\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: | Country: | Language: | Date Format:

    446.04 Mb Total Physical Memory | 238.97 Mb Available Physical Memory | 53.58% Memory free
    1.03 Gb Paging File | 0.53 Gb Available in Paging File | 51.57% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 52.76 Gb Total Space | 22.23 Gb Free Space | 42.13% Space Free | Partition Type: NTFS

    Computer Name: MICHELLE | User Name: Shel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/06 17:54:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shel\My Documents\Downloads\OTL.exe
    PRC - [2011/12/19 18:59:00 | 001,960,584 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    PRC - [2011/11/23 10:27:04 | 001,052,472 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    PRC - [2011/11/23 10:27:04 | 000,992,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
    PRC - [2011/07/04 11:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/07/04 11:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/01/17 19:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 19:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/27 11:36:34 | 000,111,912 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
    PRC - [2006/09/22 11:06:26 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
    PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/06 09:09:01 | 001,689,600 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12020600\algo.dll
    MOD - [2012/01/08 23:43:03 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_941130d1\mscorlib.dll
    MOD - [2012/01/08 23:42:58 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_bb1b5429\system.drawing.dll
    MOD - [2012/01/08 23:42:43 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_5612de0d\system.xml.dll
    MOD - [2012/01/08 23:42:36 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_da99677d\system.windows.forms.dll
    MOD - [2012/01/08 23:42:20 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_c10983d8\system.dll
    MOD - [2012/01/08 23:41:50 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
    MOD - [2012/01/08 23:41:47 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
    MOD - [2012/01/08 23:41:41 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
    MOD - [2011/11/23 10:27:10 | 004,284,728 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\Socket\Adaptor.dll
    MOD - [2011/11/23 10:27:10 | 002,085,688 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\GuiListener\export.dll
    MOD - [2011/11/23 10:27:10 | 001,764,664 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\Socket\Export.dll
    MOD - [2011/11/23 10:27:10 | 000,339,768 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\RemoteDesktop\Export.dll
    MOD - [2011/11/23 10:27:10 | 000,049,976 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\RemoteDesktop\ShHook.dll
    MOD - [2011/11/23 10:27:08 | 000,464,184 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\CRF\export.dll
    MOD - [2011/11/23 10:27:08 | 000,328,504 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\EventMonitor\export.dll
    MOD - [2011/11/23 10:27:08 | 000,126,776 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\EventMonitor\EventMonitor.dll
    MOD - [2011/11/23 10:27:06 | 001,131,320 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPS_RES.dll
    MOD - [2011/11/23 10:27:06 | 000,020,280 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLANG.dll
    MOD - [2011/11/11 19:47:53 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll
    MOD - [2011/11/11 19:47:52 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2006/11/01 04:48:18 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
    MOD - [2004/08/10 13:11:12 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
    MOD - [2004/08/10 13:11:10 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
    MOD - [2004/08/10 13:11:10 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
    MOD - [2004/08/10 13:11:10 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (NICCONFIGSVC)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/12/19 18:59:00 | 001,960,584 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2011/11/23 10:27:04 | 001,052,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
    SRV - [2011/07/04 11:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2007/11/14 18:14:33 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
    SRV - [2007/08/27 11:36:34 | 000,111,912 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
    SRV - [2006/12/09 08:36:31 | 000,086,528 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2012/01/17 21:00:50 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
    DRV - [2011/12/19 18:59:24 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
    DRV - [2011/12/19 18:59:22 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2011/07/04 11:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/07/04 11:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/07/04 11:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/07/04 11:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/07/04 11:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/07/04 11:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/07/04 11:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2006/12/18 19:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
    DRV - [2006/11/03 06:34:00 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2006/09/23 02:56:40 | 001,681,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2006/09/22 11:06:26 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/08/17 13:55:16 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/07/14 23:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1061209
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1061209


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1061209
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1061209
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1490736864-3752856970-3868903156-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/?rd=1&ucc=IE&dcc=IE&opt=0
    IE - HKU\S-1-5-21-1490736864-3752856970-3868903156-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1490736864-3752856970-3868903156-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA D3 AF 40 F9 E4 CC 01 [binary data]
    IE - HKU\S-1-5-21-1490736864-3752856970-3868903156-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/07/14 23:12:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/03 19:03:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2012/02/02 23:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shel\Application Data\Mozilla\Extensions
    [2012/02/02 23:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shel\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2012/02/03 21:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\extensions
    [2012/02/03 19:03:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/01/29 15:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/01/29 13:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/01/29 13:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/02/03 20:36:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-1490736864-3752856970-3868903156-1006\..\Toolbar\WebBrowser: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
    O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - Startup: C:\Documents and Settings\Shel\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1490736864-3752856970-3868903156-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1490736864-3752856970-3868903156-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1490736864-3752856970-3868903156-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1490736864-3752856970-3868903156-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1195594076281 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32AFFDC5-BCBC-4D98-B419-5FC3BABB1B40}: DhcpNameServer = 192.168.2.1 192.168.2.1
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.MKVC - C:\WINDOWS\System32\KMVIDC32.DLL ()
    Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
  7. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/05 20:35:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Malwarebytes
    [2012/02/05 20:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/05 20:34:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/02/05 20:34:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/02/05 20:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/02/03 22:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
    [2012/02/03 22:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
    [2012/02/03 22:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
    [2012/02/03 21:54:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\My Documents\Downloads
    [2012/02/03 19:43:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/02/03 19:38:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/02/03 19:38:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/02/03 19:38:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/02/03 19:38:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/02/03 19:38:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/02/03 19:37:56 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/03 19:37:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Shel\My Documents\My Videos
    [2012/02/03 19:37:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Shel\My Documents\My Pictures
    [2012/02/03 19:37:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Shel\My Documents\My Music
    [2012/02/03 19:37:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
    [2012/02/03 19:36:35 | 004,394,794 | R--- | C] (Swearware) -- C:\Documents and Settings\Shel\Desktop\ComboFix.exe
    [2012/02/03 19:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012/02/02 23:38:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\CyberLink
    [2012/02/02 23:38:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Corel
    [2012/02/02 23:38:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\ATI
    [2012/02/02 23:38:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Apple Computer
    [2012/02/02 23:38:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\AdobeUM
    [2012/02/02 23:38:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Adobe
    [2012/02/02 23:38:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Shel\Application Data\Gtek
    [2012/02/02 23:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Leadertech
    [2012/02/02 23:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\InstallShield
    [2012/02/02 23:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Identities
    [2012/02/02 23:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Google
    [2012/02/02 23:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\DataLayer
    [2012/02/02 23:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\LimeWire
    [2012/02/02 23:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Macromedia
    [2012/02/02 23:38:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Mozilla
    [2012/02/02 23:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Nokia Multimedia Player
    [2012/02/02 23:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Nokia
    [2012/02/02 23:37:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\OpenOffice.org
    [2012/02/02 23:37:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Shel\Application Data\SecuROM
    [2012/02/02 23:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Sony Setup
    [2012/02/02 23:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Sony
    [2012/02/02 23:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Sonic
    [2012/02/02 23:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Rational
    [2012/02/02 23:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Publish Providers
    [2012/02/02 23:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\PC Suite
    [2012/02/02 23:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\OpenOffice.org2
    [2012/02/02 23:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Sports Interactive
    [2012/02/02 23:37:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Shel\IETldCache
    [2012/02/02 23:37:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Shel\IECompatCache
    [2012/02/02 23:37:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Shel\InstallAnywhere
    [2012/02/02 23:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Turbine
    [2012/02/02 23:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Thunderbird
    [2012/02/02 23:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Sun
    [2012/02/02 23:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\Apple Computer
    [2012/02/02 23:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\Apple
    [2012/02/02 23:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\Adobe
    [2012/02/02 23:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\BVRP Software
    [2012/02/02 23:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\ATI
    [2012/02/02 23:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\AskToolbar
    [2012/02/02 23:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\KodakGallery
    [2012/02/02 23:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\Google
    [2012/02/02 22:11:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Shel\NetHood
    [2012/02/02 19:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\Adobe(2)
    [2012/02/02 19:40:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Shel\My Documents
    [2012/02/02 19:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\ATI(2)
    [2012/02/02 19:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\ApplicationHistory(3)
    [2012/02/02 19:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data(3)
    [2012/02/02 19:20:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Shel\Favorites
    [2012/02/02 19:20:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Shel\Cookies
    [2012/02/02 19:14:21 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Shel\Application Data\Microsoft
    [2012/02/02 19:13:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Shel\Application Data
    [2012/02/02 19:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\ApplicationHistory
    [2012/02/02 19:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\Microsoft
    [2012/02/02 19:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\PowerDVD
    [2012/02/02 19:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\Mozilla
    [2012/02/02 19:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\Thunderbird
    [2012/02/02 19:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\Temp
    [2012/02/02 19:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\Sony
    [2012/02/02 19:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\SingleClick Systems
    [2012/02/02 19:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\WMTools Downloaded Files
    [2012/02/02 19:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\Turbine
    [2012/02/02 19:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
    [2012/02/02 19:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\{32A3A4F2-B792-11D6-A78A-00B0D0150140}
    [2012/02/02 19:13:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Shel\PrivacIE
    [2012/02/02 19:13:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Shel\PrintHood
    [2012/02/02 19:13:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Shel\Local Settings
    [2012/02/02 19:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Phone Browser
    [2012/02/02 19:13:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Shel\Recent
    [2012/02/02 19:13:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Shel\SendTo
    [2012/02/02 19:13:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Shel\Start Menu\Programs\Administrative Tools
    [2012/02/02 19:13:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Shel\Start Menu\Programs\Accessories
    [2012/02/02 19:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Start Menu\Programs\Dell
    [2012/02/02 19:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Start Menu\Programs\CCleaner
    [2012/02/02 19:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Start Menu\Programs\BSR Screen Recorder 4
    [2012/02/02 19:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Start Menu\Programs\Revo Uninstaller
    [2012/02/02 19:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Start Menu\Programs\Image-Line
    [2012/02/02 19:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Start Menu\Programs\XoftSpySE
    [2012/02/02 19:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Start Menu\Programs\Virtual DJ
    [2012/02/02 19:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Start Menu\Programs\TheSage
    [2012/02/02 19:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Start Menu\Programs\Startup
    [2012/02/02 19:13:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Shel\UserData
    [2012/02/02 19:13:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Shel\Templates
    [2012/02/02 19:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Start Menu
    [2012/02/02 19:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Desktop\Unused Desktop Shortcuts
    [2012/01/17 21:00:50 | 000,494,968 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
    [1996/11/13 02:25:44 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
    [14 C:\Documents and Settings\Shel\Desktop\*.tmp files -> C:\Documents and Settings\Shel\Desktop\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/06 18:03:49 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\Shel\Desktop\Continue SweetIM Installation.lnk
    [2012/02/06 18:03:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/06 18:01:11 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2012/02/06 16:18:35 | 000,031,197 | ---- | M] () -- C:\Documents and Settings\Shel\My Documents\Untitled 1.odt
    [2012/02/06 08:31:30 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/06 08:30:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/02/06 08:30:37 | 467,775,488 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/05 23:21:30 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Shel\Desktop\MBR.dat
    [2012/02/05 20:35:11 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/03 22:03:43 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
    [2012/02/03 22:02:32 | 000,000,960 | ---- | M] () -- C:\Documents and Settings\Shel\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2012/02/03 22:02:32 | 000,000,942 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO GeekBuddy.lnk
    [2012/02/03 22:02:03 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
    [2012/02/03 20:36:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/02/03 19:43:19 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/02/03 19:27:04 | 004,394,794 | R--- | M] (Swearware) -- C:\Documents and Settings\Shel\Desktop\ComboFix.exe
    [2012/02/03 19:15:43 | 000,004,507 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/02/03 19:15:21 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\Shel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/02/03 19:03:39 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\Shel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/02/03 19:03:39 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2012/02/02 20:10:36 | 000,503,578 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/02/02 20:10:36 | 000,097,142 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/02/02 19:32:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/02/02 19:21:54 | 000,000,127 | ---- | M] () -- C:\Documents and Settings\Shel\Local Settings\Application Data\fusioncache.dat
    [2012/01/17 21:00:50 | 000,494,968 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
    [14 C:\Documents and Settings\Shel\Desktop\*.tmp files -> C:\Documents and Settings\Shel\Desktop\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/06 18:03:49 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\Shel\Desktop\Continue SweetIM Installation.lnk
    [2012/02/06 13:30:36 | 000,031,197 | ---- | C] () -- C:\Documents and Settings\Shel\My Documents\Untitled 1.odt
    [2012/02/05 23:20:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Shel\Desktop\MBR.dat
    [2012/02/05 20:35:11 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/03 22:03:43 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
    [2012/02/03 22:02:32 | 000,000,960 | ---- | C] () -- C:\Documents and Settings\Shel\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2012/02/03 22:02:32 | 000,000,942 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO GeekBuddy.lnk
    [2012/02/03 22:02:03 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
    [2012/02/03 19:43:18 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2012/02/03 19:43:16 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/02/03 19:38:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/02/03 19:38:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/02/03 19:38:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/02/03 19:38:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/02/03 19:38:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/02/03 19:15:21 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\Shel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/02/03 19:15:21 | 000,000,846 | ---- | C] () -- C:\Documents and Settings\Shel\Start Menu\Programs\Internet Explorer.lnk
    [2012/02/03 19:03:38 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2012/02/03 19:03:37 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/02/03 18:33:20 | 467,775,488 | -HS- | C] () -- C:\hiberfil.sys
    [2012/02/02 19:21:54 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Shel\Local Settings\Application Data\fusioncache.dat
    [2010/08/07 09:37:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/07/23 22:52:53 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2009/05/08 13:15:27 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
    [2009/05/08 13:15:27 | 000,000,016 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
    [2009/03/21 14:35:41 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\bsrmgcv.dll
    [2009/03/21 14:35:41 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\Tr_sttool.dat
    [2009/03/21 14:35:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\bsrmgps.dll
    [2009/03/21 14:34:29 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\bsratwmv.dll
    [2009/03/21 14:34:28 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\bsratswf.dll
    [2008/04/30 23:24:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\TLTitleData.ini
    [2008/02/19 18:23:16 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2007/12/25 13:25:21 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2007/12/20 23:25:18 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/11/23 00:47:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2007/10/27 19:06:04 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
    [2007/10/17 17:15:03 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\75BDAE51B3.sys
    [2007/10/17 17:15:02 | 000,005,642 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2007/07/14 16:18:55 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Shel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/02/03 15:49:55 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
    [2007/02/03 15:49:55 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
    [2007/01/09 20:27:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/12/09 08:41:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/12/09 08:35:52 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/12/09 08:29:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2006/12/09 08:29:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
    [2006/12/09 08:29:49 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2006/12/09 08:27:58 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
    [2006/12/09 08:04:46 | 000,133,246 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2006/12/09 08:04:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
    [2006/12/09 08:04:28 | 000,000,473 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/11/01 06:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2006/11/01 06:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/10 12:57:15 | 000,226,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/10 12:51:20 | 000,503,578 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/10 12:51:20 | 000,097,142 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [1997/06/14 00:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
    [1997/01/12 06:15:18 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\dtctrace.dll

    ========== LOP Check ==========

    [2012/02/02 23:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
    [2010/08/17 20:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2012/02/05 21:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
    [2009/03/17 23:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2008/05/08 17:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2009/02/17 17:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2007/11/17 12:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
    [2010/06/23 23:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2012/02/02 23:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\DataLayer
    [2012/02/02 23:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\Leadertech
    [2012/02/02 23:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\LimeWire
    [2012/02/02 23:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\Nokia
    [2012/02/02 23:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\Nokia Multimedia Player
    [2012/02/02 23:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\OpenOffice.org
    [2012/02/02 23:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\PC Suite
    [2012/02/02 23:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\Publish Providers
    [2012/02/02 23:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\Rational
    [2012/02/02 23:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\Sony
    [2012/02/02 23:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\Sony Setup
    [2012/02/02 23:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\Sports Interactive
    [2012/02/02 23:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\Thunderbird
    [2012/02/02 23:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\Turbine
    [2012/02/06 18:01:11 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/02/03 15:14:29 | 000,000,000 | ---- | M] () -- C:\AILog.txt
    [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/01/19 20:33:15 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2012/02/03 19:43:19 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2012/02/06 17:38:29 | 000,014,454 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/12/09 08:07:18 | 000,005,505 | RH-- | M] () -- C:\dell.sdr
    [2012/02/06 08:30:37 | 467,775,488 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/26 15:39:47 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2011/01/19 19:03:07 | 000,240,269 | ---- | M] () -- C:\logfile
    [2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/02/22 20:53:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/02/06 08:30:35 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
    [2012/02/06 17:47:21 | 000,000,392 | ---- | M] () -- C:\rkill.log

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/10 13:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/07/04 11:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/02/22 21:06:11 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/09/21 07:05:28 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Shel\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/02/03 19:27:04 | 004,394,794 | R--- | M] (Swearware) -- C:\Documents and Settings\Shel\Desktop\ComboFix.exe
    [2011/03/19 14:05:12 | 025,584,760 | ---- | M] () -- C:\Documents and Settings\Shel\Desktop\family_tree_builder_1198.exe
    [2010/06/07 21:17:03 | 002,305,392 | ---- | M] ( ) -- C:\Documents and Settings\Shel\Desktop\FFDictionaryToolbarInstaller_DIC3V5_tbr_1.5.0.0.exe
    [2012/02/03 21:23:40 | 015,795,464 | ---- | M] (Mozilla) -- C:\Documents and Settings\Shel\Desktop\Firefox Setup 10.0.exe
    [2010/07/15 22:07:52 | 001,528,184 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Shel\Desktop\GenuineCheck.exe
    [2011/11/03 23:58:14 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Shel\Desktop\HousecallLauncher.exe
    [2011/03/10 08:15:01 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Shel\Desktop\install_flash_player.exe
    [2011/02/08 23:03:37 | 001,154,864 | ---- | M] (Inbox.com, Inc. ) -- C:\Documents and Settings\Shel\Desktop\MapsSetup.exe
    [2011/11/11 19:29:32 | 150,831,248 | ---- | M] () -- C:\Documents and Settings\Shel\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-GB.exe
    [2011/11/11 20:07:35 | 158,067,944 | ---- | M] () -- C:\Documents and Settings\Shel\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
    [2011/05/26 23:34:10 | 006,280,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Shel\Desktop\Silverlight.exe
    [2010/07/19 20:14:02 | 008,936,572 | ---- | M] (Sequence Publishing) -- C:\Documents and Settings\Shel\Desktop\TheSage_Setup_3-1-2-1744.exe
    [2011/12/26 12:51:28 | 000,735,608 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Shel\Desktop\utorrent.exe
    [2010/07/15 21:40:26 | 000,909,176 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Shel\Desktop\WGAPluginInstall.exe
    [2010/07/15 22:09:05 | 000,525,624 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Shel\Desktop\WindowsXP-KB922120-v5-x86-ENU.exe
    [14 C:\Documents and Settings\Shel\Desktop\*.tmp files -> C:\Documents and Settings\Shel\Desktop\*.tmp -> ]

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/02 19:20:47 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Shel\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/02/06 18:03:31 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\Shel\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 00:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 14:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 17:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 00:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2008/04/29 10:21:55 | 000,005,120 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Shel\Desktop\Firefox Setup 10.0.exe:SummaryInformation

    < End of report >
  8. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    OTL Extras logfile created on: 2/6/2012 6:07:18 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Shel\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: | Country: | Language: | Date Format:

    446.04 Mb Total Physical Memory | 238.97 Mb Available Physical Memory | 53.58% Memory free
    1.03 Gb Paging File | 0.53 Gb Available in Paging File | 51.57% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 52.76 Gb Total Space | 22.23 Gb Free Space | 42.13% Space Free | Partition Type: NTFS

    Computer Name: MICHELLE | User Name: Shel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1490736864-3752856970-3868903156-1006\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
    "10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
    "C:\Documents and Settings\Shel\My Documents\Downloads\SweetImSetup.exe" = C:\Documents and Settings\Shel\My Documents\Downloads\SweetImSetup.exe:*:Enabled:SweetIM Installer -- (SweetIM Technologies, Ltd.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
    "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
    "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
    "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150140}" = J2SE Runtime Environment 5.0 Update 14
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{32A3A4F4-B792-11D6-A78A-00B0D0150140}" = J2SE Development Kit 5.0 Update 14
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{37BCCAE2-A3AD-4E03-B4FD-A1BE1FE6365A}" = T-RackS 1.x
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
    "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
    "{842C6AFC-7856-4fd9-99AF-8900554ACAA2}_is1" = V-Station 1.50
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC6AE077-1566-4655-BE73-38A869C150DC}" = ATI Catalyst Control Center
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
    "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "ATI Display Driver" = ATI Display Driver
    "avast" = avast! Free Antivirus
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "BulentsScreenRecorder4" = BSR Screen Recorder 4
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Comodo Dragon" = Comodo Dragon
    "COMODO GeekBuddy" = COMODO GeekBuddy
    "Google Desktop" = Google Desktop
    "Hardcore" = Hardcore
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "IL Download Manager" = IL Download Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MS-MPEG4" = Microsoft MPEG-4 VKI Video Codec V1/V2/V3
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PoiZone" = PoiZone
    "reFX Vanguard VSTi_is1" = reFX Vanguard VSTi v1.6.1
    "Revo Uninstaller" = Revo Uninstaller 1.88
    "Sawer" = Sawer
    "SearchAssist" = SearchAssist
    "Security Task Manager" = Security Task Manager 1.7g
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TheSage" = TheSage
    "Toxic Biohazard" = Toxic Biohazard
    "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
    "Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XoftSpySE" = XoftSpySE
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "xvid" = XviD MPEG-4 Video Codec

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 8/2/2010 2:19:47 PM | Computer Name = MICHELLE | Source = avast! | ID = 33554522
    Description =

    Error - 8/2/2010 2:20:06 PM | Computer Name = MICHELLE | Source = avast! | ID = 33554522
    Description =

    Error - 8/2/2010 2:29:05 PM | Computer Name = MICHELLE | Source = avast! | ID = 33554522
    Description =

    Error - 8/2/2010 2:29:05 PM | Computer Name = MICHELLE | Source = avast! | ID = 33554522
    Description =

    Error - 8/2/2010 2:29:15 PM | Computer Name = MICHELLE | Source = avast! | ID = 33554522
    Description =

    Error - 8/2/2010 2:29:22 PM | Computer Name = MICHELLE | Source = avast! | ID = 33554522
    Description =

    Error - 8/2/2010 2:29:23 PM | Computer Name = MICHELLE | Source = avast! | ID = 33554522
    Description =

    Error - 8/2/2010 2:29:25 PM | Computer Name = MICHELLE | Source = avast! | ID = 33554522
    Description =

    Error - 8/2/2010 2:29:27 PM | Computer Name = MICHELLE | Source = avast! | ID = 33554522
    Description =

    Error - 8/2/2010 2:32:01 PM | Computer Name = MICHELLE | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 2/4/2012 8:47:35 PM | Computer Name = MICHELLE | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    Error - 2/4/2012 8:47:40 PM | Computer Name = MICHELLE | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    Error - 2/5/2012 2:00:32 PM | Computer Name = MICHELLE | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    Error - 2/5/2012 2:00:37 PM | Computer Name = MICHELLE | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    Error - 2/5/2012 4:22:11 PM | Computer Name = MICHELLE | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    Error - 2/5/2012 4:22:17 PM | Computer Name = MICHELLE | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    Error - 2/5/2012 4:58:34 PM | Computer Name = MICHELLE | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    Error - 2/5/2012 4:58:39 PM | Computer Name = MICHELLE | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    Error - 2/6/2012 4:30:58 AM | Computer Name = MICHELLE | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    Error - 2/6/2012 4:31:05 AM | Computer Name = MICHELLE | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    [ System Events ]
    Error - 2/3/2012 6:09:32 PM | Computer Name = MICHELLE | Source = Service Control Manager | ID = 7000
    Description = The NICCONFIGSVC service failed to start due to the following error:
    %%2

    Error - 2/3/2012 6:24:52 PM | Computer Name = MICHELLE | Source = Service Control Manager | ID = 7000
    Description = The NICCONFIGSVC service failed to start due to the following error:
    %%2

    Error - 2/4/2012 6:53:39 AM | Computer Name = MICHELLE | Source = Service Control Manager | ID = 7000
    Description = The NICCONFIGSVC service failed to start due to the following error:
    %%2

    Error - 2/4/2012 3:43:54 PM | Computer Name = MICHELLE | Source = Service Control Manager | ID = 7000
    Description = The NICCONFIGSVC service failed to start due to the following error:
    %%2

    Error - 2/4/2012 8:49:31 PM | Computer Name = MICHELLE | Source = Service Control Manager | ID = 7000
    Description = The NICCONFIGSVC service failed to start due to the following error:
    %%2

    Error - 2/5/2012 2:02:22 PM | Computer Name = MICHELLE | Source = Service Control Manager | ID = 7000
    Description = The NICCONFIGSVC service failed to start due to the following error:
    %%2

    Error - 2/5/2012 4:23:28 PM | Computer Name = MICHELLE | Source = Service Control Manager | ID = 7000
    Description = The NICCONFIGSVC service failed to start due to the following error:
    %%2

    Error - 2/5/2012 4:59:47 PM | Computer Name = MICHELLE | Source = Service Control Manager | ID = 7000
    Description = The NICCONFIGSVC service failed to start due to the following error:
    %%2

    Error - 2/6/2012 4:32:09 AM | Computer Name = MICHELLE | Source = Service Control Manager | ID = 7000
    Description = The NICCONFIGSVC service failed to start due to the following error:
    %%2

    Error - 2/6/2012 1:16:31 PM | Computer Name = MICHELLE | Source = Service Control Manager | ID = 7034
    Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
    It has done this 1 time(s).


    < End of report >
  9. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    I think that's everything.
  10. Broni

    Broni Malware Annihilator Posts: 46,713   +254


    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKU\S-1-5-21-1490736864-3752856970-3868903156-1006\..\Toolbar\WebBrowser: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/sh...1/mcinsctl.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
      [2012/02/02 23:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Local Settings\Application Data\AskToolbar
      [2012/02/06 18:01:11 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
      @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Shel\Desktop\Firefox Setup 10.0.exe:SummaryInformation
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  11. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-1490736864-3752856970-3868903156-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
    C:\WINDOWS\Downloaded Program Files\mcinsctl.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    C:\Documents and Settings\Shel\Local Settings\Application Data\AskToolbar\Downloaded Program Files\temp folder moved successfully.
    C:\Documents and Settings\Shel\Local Settings\Application Data\AskToolbar\Downloaded Program Files folder moved successfully.
    C:\Documents and Settings\Shel\Local Settings\Application Data\AskToolbar folder moved successfully.
    C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job moved successfully.
    ADS C:\Documents and Settings\Shel\Desktop\Firefox Setup 10.0.exe:SummaryInformation deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 5855579 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 41620 bytes

    User: LocalService
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 114755 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Owner

    User: Peter
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 3292 bytes

    User: Peter.MICHELLE
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 7198221 bytes
    ->Flash cache emptied: 2836 bytes

    User: Shel
    ->Temp folder emptied: 2859408 bytes
    ->Temporary Internet Files folder emptied: 3432791 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 223959135 bytes
    ->Flash cache emptied: 2914002 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 90 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 317101 bytes
    RecycleBin emptied: 1051 bytes

    Total Files Cleaned = 235.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Owner

    User: Peter

    User: Peter.MICHELLE

    User: Shel
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Owner

    User: Peter
    ->Flash cache emptied: 0 bytes

    User: Peter.MICHELLE
    ->Flash cache emptied: 0 bytes

    User: Shel
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 02062012_192446

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Shel\Local Settings\Temporary Internet Files\Content.IE5\P0IBQXUU\background-banner-right-v45[1].jpg moved successfully.
    C:\Documents and Settings\Shel\Local Settings\Temporary Internet Files\Content.IE5\A8G86ADZ\background_button_green_full[2].png moved successfully.
    C:\Documents and Settings\Shel\Local Settings\Temporary Internet Files\Content.IE5\A8G86ADZ\list-item-plus[1].png moved successfully.
    C:\Documents and Settings\Shel\Local Settings\Temporary Internet Files\Content.IE5\7YBC4JJF\api[4].htm moved successfully.
    C:\Documents and Settings\Shel\Local Settings\Temporary Internet Files\Content.IE5\7YBC4JJF\background-banner-middle-v45[1].jpg moved successfully.
    C:\Documents and Settings\Shel\Local Settings\Temporary Internet Files\Content.IE5\7YBC4JJF\background_banner_green_50_v45[1].jpg moved successfully.
    C:\Documents and Settings\Shel\Local Settings\Temporary Internet Files\Content.IE5\16IAEJRA\api[2].htm moved successfully.

    Registry entries deleted on Reboot...
     
  12. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    avast! Free Antivirus
    COMODO Internet Security
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    XoftSpySE
    CCleaner
    Java(TM) 6 Update 30
    Java(TM) 6 Update 3
    Out of date Java installed!
    Adobe Flash Player ( 10.2.159.1) Flash Player Out of Date!
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Comodo Firewall cmdagent.exe
    Comodo Firewall cfp.exe
    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    ``````````End of Log````````````
  13. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    Farbar Service Scanner Version: 05-02-2012
    Ran by Shel (administrator) on 06-02-2012 at 19:54:58
    Running from "C:\Documents and Settings\Shel\My Documents\Downloads"
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error: Google IP is offline
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    aswTdi(12) cmdHlp(14) Gpc(6) IPSec(4) NetBT(5) Packet(9) PSched(7) Tcpip(3)
    0x0D000000040000000100000002000000030000000E0000000C00000008000000050000000600000007000000090000000A0000000B000000
    IpSec Tag value is correct.

    **** End of log ****
  14. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    I'm not sure how else I can ask you this question:
    to finally get some answer.
  15. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    Sorry, been waiting for the ESET scan. No log created. Found an adware setup file which I hadn't installed, but had downloaded. Removed the file.
    Thanks for your help.
  16. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    I'll NOT continue until you answer my question, which I asked THREE times already.
  17. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    Sorry, I thought I answered. The laptop is fine. All viruses have been removed.
  18. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    I'm sorry, I don't understand your question. The laptop has been running the same as the last few days, and now that it's virus free I expect it to run better.
  19. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Uninstall Java(TM) 6 Update 3.

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ===========================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  20. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Make sure you complete all steps from my last reply.

    Then....

    Without being at your place or some details I can't comment.
  21. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    The "cannot access" error showed up but disappeared on reboot.

    OTL log

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner

    User: Peter
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Peter.MICHELLE
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Shel
    ->Temp folder emptied: 15676592 bytes
    ->Temporary Internet Files folder emptied: 72253 bytes
    ->Java cache emptied: 1853 bytes
    ->FireFox cache emptied: 49864496 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 43928 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 63.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Owner

    User: Peter
    ->Flash cache emptied: 0 bytes

    User: Peter.MICHELLE
    ->Flash cache emptied: 0 bytes

    User: Shel
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Owner

    User: Peter

    User: Peter.MICHELLE

    User: Shel
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 02062012_231722

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  22. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    Firefox loaded fine. Done the cleanup as instructed.

    Thanks for your help, sorry if I frustrated you. Was watching a football match while doing the earlier scans.
    The laptop is pretty old and is only used by my dad. I have a Windows 7 PC myself.
    Now that it's clean and error free thanks to you, he can enjoy using it again.
  23. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Way to go!!
    Good luck and stay safe :)

