Solved Virus - Can't install Malwarebytes - Access is denied


houston10s

The PC has contracted a virus. Do not see any name associated with the virus. I've tried to install Malwarebytes in both normal and safe mode but receive the error, Access is denied. I have disabled essential startup services and programs via msconfig. I've run GMER. A save option does not appear either before or after clicking on the GMER Scan button. I have run TFC. I have pasted both DDS logs below. Thank you in advance for your help. Please advise.

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by gary at 7:31:43.59 on Sat 04/09/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1762 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
G:\dds\dds.scr
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mymail.drakausa.com/iNotes6W.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/59.15/uploader2.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194977416857
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195505436639
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://am.sa.draka.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: cryptnet32 - cryptnet32.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
S1 CorexCardScan;CardScan USB Scanner;c:\windows\system32\drivers\slcorex.sys [2003-5-22 8448]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
S2 PPNT;PPNT;c:\windows\system32\drivers\ppnt.sys [2003-12-1 13824]
S3 EL3C574;FE574B-3Com 10/100 LAN PCCard Device Driver;c:\windows\system32\drivers\el574nd4.sys [2007-2-16 24653]
S3 OnePointDomainAdminService;Active Directory Migration Agent;c:\windows\onepointdomainagent\DCTAgentService.exe [2008-7-18 39424]
S4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
S4 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2010-12-9 245760]
S4 TIRmtCtl;Track-It! Remote Control;c:\windows\tiremote\wuser32.exe [2007-11-14 311374]
S4 TIRmtSvc;Track-It! Workstation Manager;c:\windows\tiremote\TIRemoteService.exe [2007-11-14 610816]
.
=============== Created Last 30 ================
.
2011-04-09 03:20:38 -------- d-----w- c:\docume~1\gary\applic~1\Malwarebytes
2011-04-09 03:17:09 -------- d-sh--w- c:\documents and settings\gary\PrivacIE
2011-04-09 03:17:04 -------- d-sh--w- c:\documents and settings\gary\IETldCache
2011-04-09 02:38:52 471040 ---ha-w- c:\docume~1\alluse~1\applic~1\20373300.exe
2011-04-09 02:29:42 544768 ---ha-w- c:\docume~1\alluse~1\applic~1\BkTMsDGeKfjuDY.exe
2011-04-08 13:18:21 6792528 ---ha-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{efd8fa40-eff0-4f81-a49f-c8b29eeab94e}\mpengine.dll
2011-04-06 05:18:57 -------- d--h--w- c:\docume~1\alluse~1\applic~1\espionServerData
2011-04-06 04:34:12 -------- d--h--w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2011-03-25 23:48:06 4284416 ---ha-w- c:\windows\system32\GPhotos.scr
.
==================== Find3M ====================
.
2011-02-25 23:23:17 296056 ---ha-w- c:\windows\system32\shimg.dll
2011-02-09 13:53:52 270848 ---ha-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ---ha-w- c:\windows\system32\encdec.dll
2011-02-03 03:40:23 472808 ---ha-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:19:39 73728 ---ha-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ---ha-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ---ha-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ---ha-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 7:32:49.60 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/13/2007 6:00:51 PM
System Uptime: 4/9/2011 7:28:27 AM (0 hours ago)
.
Motherboard: LENOVO | | 195143U
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | None | 1828/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 24 GiB total, 6.035 GiB free.
D: is FIXED (NTFS) - 31 GiB total, 9.156 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4227&SUBSYS_10108086&REV_02\4&20975680&0&00E1
Manufacturer: Intel Corporation
Name: Intel(R) PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4227&SUBSYS_10108086&REV_02\4&20975680&0&00E1
Service: NETw3x32
.
==== System Restore Points ===================
.
RP133: 3/15/2011 9:57:38 AM - System Checkpoint
RP134: 3/16/2011 9:44:38 AM - Software Distribution Service 3.0
RP135: 3/17/2011 11:08:53 AM - System Checkpoint
RP136: 3/18/2011 8:39:10 AM - Software Distribution Service 3.0
RP137: 3/19/2011 11:16:13 AM - Software Distribution Service 3.0
RP138: 3/20/2011 12:35:02 PM - System Checkpoint
RP139: 3/21/2011 2:04:09 PM - Software Distribution Service 3.0
RP140: 3/22/2011 1:58:24 PM - Software Distribution Service 3.0
RP141: 3/23/2011 4:08:52 PM - System Checkpoint
RP142: 3/24/2011 12:48:56 AM - Software Distribution Service 3.0
RP143: 3/24/2011 9:27:13 AM - Software Distribution Service 3.0
RP144: 3/25/2011 3:43:40 PM - Software Distribution Service 3.0
RP145: 3/28/2011 12:16:10 AM - Software Distribution Service 3.0
RP146: 3/29/2011 1:06:00 AM - System Checkpoint
RP147: 3/29/2011 10:10:46 AM - Software Distribution Service 3.0
RP148: 3/30/2011 11:10:24 AM - System Checkpoint
RP149: 3/31/2011 10:53:59 AM - Software Distribution Service 3.0
RP150: 4/1/2011 12:49:42 PM - System Checkpoint
RP151: 4/2/2011 8:52:16 AM - Software Distribution Service 3.0
RP152: 4/3/2011 2:02:36 AM - Software Distribution Service 3.0
RP153: 4/3/2011 8:51:54 AM - Software Distribution Service 3.0
RP154: 4/4/2011 8:51:47 AM - Software Distribution Service 3.0
RP155: 4/5/2011 10:56:46 AM - Software Distribution Service 3.0
RP156: 4/5/2011 11:21:37 PM - Installed Adobe Photoshop Elements 9.
RP157: 4/7/2011 8:13:16 AM - Software Distribution Service 3.0
RP158: 4/8/2011 8:18:16 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 9
Adobe Photoshop.com Inspiration Browser
Adobe Reader 8.1.3
Adobe® Photoshop® Album Starter Edition 3.2
AiO_Scan_CDA
AiOSoftwareNPI
ArcSoft Panorama Maker 3
AVS DVDMenu Editor 1.2.1.19
AVS Video Converter 5.6
AVS4YOU Software Navigator 1.2
Brother MFL-Pro Suite MFC-J410W
BufferChm
C3100
c3100_Help
CardScan 6.0.6
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
eCopy Desktop
Elements 9 Organizer
Elements STI Installer
ESET Online Scanner v3
eSupportQFolder
Fax_CDA
FAXCOM for Domino - Client
Glary Utilities 2.20.0.831
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
Java Auto Updater
Java(TM) 6 Update 24
Juniper Networks Network Connect 5.5.0
Lotus Notes 6.5.1
Malwarebytes' Anti-Malware
mCore
mDriver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
mMHouse
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
mWlsSafe
mXML
NewCopy_CDA
OCR Software by I.R.I.S 7.0
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
PanoStandAlone
PaperPort Image Printer
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
Photo Story 3 for Windows
Picaboo X
Picasa 3
PictureProject
PictureProject In Touch Downloader 1.0
ProductContextNPI
QuickTime
ReadIRIS
Readme
Scan
ScannerCopy
ScanSoft PaperPort 11
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 3.8
SolutionCenter
Sonic Express Labeler
Sonic RecordNow!
Sonic Update Manager
Status
Symantec Enterprise Vault Outlook Add-In
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Live installer
Windows Live Messenger
Windows Live Photo Gallery
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
4/8/2011 10:13:21 PM, error: Microsoft Antimalware [1014] - Microsoft Antimalware has encountered an error trying to remove history of malware and other potentially unwanted software. Time: 3/9/2011 10:13:21 PM User: NT AUTHORITY\SYSTEM Error Code: 0x80070005 Error description: Access is denied.
4/8/2011 10:12:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
4/8/2011 10:04:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter TPPWRIF
4/8/2011 10:04:43 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
4/8/2011 10:03:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/8/2011 10:03:18 PM, error: SRService [104] - The System Restore initialization process failed.
4/6/2011 7:41:07 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
4/5/2011 10:46:19 AM, error: Service Control Manager [7000] - The MSCamSvc service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
 
Addendum - gmer log

In safe mode could not see GMER's save option. I could see it in normal mode. Ran GMER again and am posting the log below. Also had run TDSSKiller previously and it did not find any threats. Thanks...

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-09 15:43:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HTS54106 rev.MB3I
Running: iuuj397j.exe; Driver: C:\DOCUME~1\gary\LOCALS~1\Temp\pgliqpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================================================

Any particular reason why you ran DDS from safe mode?

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hi Broni,

Running in safe mode seemed like a good idea at the time. Running from this point in normal mode. While waiting I installed and ran SuperAntiSpyware. It found and cleaned 2 trojan gen-fake viruses. I ran ComboFix as per your instructions. Though it did give an exception processing error, it did create a log which I have pasted below. I have also pasted below the MBRCheck log as per your instructions:

ComboFix 11-04-09.01 - gary 04/09/2011 19:07:15.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1627 [GMT -5:00]
Running from: c:\documents and settings\gary\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\menezesa\Application Data\Schedule Plus Interchange (.sc2) .ADR
c:\documents and settings\menezesa\Application Data\Schedule Plus Interchange (.sc2) .CAL
c:\documents and settings\menezesa\Application Data\Schedule Plus Interchange (.sc2) .TSK
c:\documents and settings\sak\Start Menu\Programs\Windows Restore
c:\windows\system32\shimg.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_USNJSVC
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-03-10 to 2011-04-10 )))))))))))))))))))))))))))))))
.
.
2011-04-09 23:02 . 2011-04-09 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-09 23:02 . 2011-04-09 23:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-09 19:37 . 2011-04-09 19:38 -------- d-----w- C:\oldvirus
2011-04-09 03:16 . 2011-04-09 03:17 -------- d-----w- c:\documents and settings\gary
2011-04-08 13:18 . 2011-03-15 04:05 6792528 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFD8FA40-EFF0-4F81-A49F-C8B29EEAB94E}\mpengine.dll
2011-04-06 05:18 . 2011-04-06 05:18 -------- d--h--w- c:\documents and settings\All Users\Application Data\espionServerData
2011-04-06 04:34 . 2011-04-06 05:26 -------- d--h--w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-03-25 23:48 . 2011-03-25 23:48 4284416 ---ha-w- c:\windows\system32\GPhotos.scr
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 04:05 . 2011-03-09 02:00 6792528 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2004-08-04 12:00 270848 ---ha-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00 186880 ---ha-w- c:\windows\system32\encdec.dll
2011-02-03 03:40 . 2010-05-14 16:38 472808 ---ha-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:19 . 2008-06-21 18:45 73728 ---ha-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2007-02-13 23:53 2067456 ---ha-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2007-02-13 23:53 677888 ---ha-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 12:00 439296 ---ha-w- c:\windows\system32\shimgvw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
.
c:\documents and settings\menezesa\Start Menu\Programs\Startup\
Screen Saver Control.lnk - c:\windows\FSScrCtl.exe [2001-8-8 241664]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1085031214-343818398-725345543-7889\Scripts\Logon\0\0]
"Script"=\\houdc01\netlogon\hou.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2636023787-564363548-2042505478-1535\Scripts\Logon\0\0]
"Script"=\\corp.draka.com\netlogon\usnd1\nd1.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2636023787-564363548-2042505478-26816\Scripts\Logon\0\0]
"Script"=\\corp.draka.com\netlogon\USHO1\HO1.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 07:04 39792 ---ha-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-07-29 06:25 497648 ---ha-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
2006-12-20 06:14 208896 ---ha-w- c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
2010-02-09 22:43 2621440 ---h--r- c:\program files\Browny02\Brother\BrStMonW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 16:26 114688 ---h--w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ---ha-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-24 04:00 136176 ---hatw- c:\documents and settings\sak\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-09-15 14:50 77824 ---ha-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-09-15 14:54 118784 ---ha-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-09-15 14:53 94208 ---ha-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-10 05:05 46368 ---ha-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ---ha-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~2\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 22:15 81920 ---ha-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 19:20 997408 ---ha-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-10-18 17:34 5724184 ---ha-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ---ha-w- c:\documents and settings\sak\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2008-07-10 05:07 29984 ---ha-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
2006-12-20 06:14 159744 ---ha-w- c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-10 21:27 385024 ---ha-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2005-05-20 14:11 925696 ---ha-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 15:03 210472 ---ha-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 20:49 249064 ---ha-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-08-11 07:30 512000 ---ha-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2007-08-11 07:30 110592 ---ha-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2006-10-13 22:04 707376 ---ha-w- c:\windows\vVX3000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"usnjsvc"=3 (0x3)
"TIRmtSvc"=2 (0x2)
"TIRmtCtl"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"ose"=3 (0x3)
"Multi-user Cleanup Service"=2 (0x2)
"MsMpSvc"=2 (0x2)
"MSCamSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IBMPMSVC"=2 (0x2)
"gusvc"=3 (0x3)
"EvtEng"=2 (0x2)
"DWMRCS"=2 (0x2)
"dsNcService"=2 (0x2)
"BrYNSvc"=3 (0x3)
"AdobeActiveFileMonitor9.0"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\sak\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 PPNT;PPNT;c:\windows\system32\drivers\ppnt.sys [12/1/2003 2:44 AM 13824]
S1 CorexCardScan;CardScan USB Scanner;c:\windows\system32\drivers\slcorex.sys [5/22/2003 12:32 AM 8448]
S3 EL3C574;FE574B-3Com 10/100 LAN PCCard Device Driver;c:\windows\system32\drivers\el574nd4.sys [2/16/2007 4:28 PM 24653]
S3 OnePointDomainAdminService;Active Directory Migration Agent;c:\windows\OnePointDomainAgent\DCTAgentService.exe [7/18/2008 2:56 PM 39424]
S4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/30/2010 3:06 AM 169408]
S4 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [12/9/2010 10:52 PM 245760]
S4 TIRmtCtl;Track-It! Remote Control;c:\windows\TIREMOTE\wuser32.exe [11/14/2007 1:53 PM 311374]
S4 TIRmtSvc;Track-It! Workstation Manager;c:\windows\TIREMOTE\TIRemoteService.exe [11/14/2007 1:53 PM 610816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-07 c:\windows\Tasks\AdobeAAMUpdater-1.0-COMPUTERROOM-sak.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 06:25]
.
2011-04-10 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-07-25 00:44]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1715567821-725345543-1005Core.job
- c:\documents and settings\sak\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-24 04:00]
.
2011-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1715567821-725345543-1005UA.job
- c:\documents and settings\sak\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-24 04:00]
.
2011-04-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]
.
2011-04-08 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-02-14 06:14]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-klmdb.sys
MSConfigStartUp-BkTMsDGeKfjuDY - c:\documents and settings\All Users\Application Data\BkTMsDGeKfjuDY.exe
AddRemove-HijackThis - f:\toolkit\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-09 19:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2024)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-09 19:18:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-10 00:18
.
Pre-Run: 4,096,274,432 bytes free
Post-Run: 4,074,074,112 bytes free
.
- - End Of File - - 805F375AABA306C54A9DD6DE5C7300F6


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 142):

Processes (total 24):
0 System Idle Process
4 System
700 C:\WINDOWS\system32\smss.exe
752 csrss.exe
776 C:\WINDOWS\system32\winlogon.exe
820 C:\WINDOWS\system32\services.exe
832 C:\WINDOWS\system32\lsass.exe
988 C:\WINDOWS\system32\svchost.exe
1068 svchost.exe
1212 C:\WINDOWS\system32\svchost.exe
1356 svchost.exe
1464 svchost.exe
1628 C:\WINDOWS\system32\spoolsv.exe
1824 svchost.exe
1932 C:\WINDOWS\system32\svchost.exe
212 C:\WINDOWS\system32\svchost.exe
1104 C:\WINDOWS\explorer.exe
1768 alg.exe
1396 C:\WINDOWS\system32\ctfmon.exe
1480 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
920 C:\Program Files\Internet Explorer\iexplore.exe
452 C:\Program Files\Internet Explorer\iexplore.exe
3524 C:\Program Files\Internet Explorer\iexplore.exe
2168 C:\Documents and Settings\gary\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000006`1a63be00 (NTFS)

PhysicalDrive0 Model Number: HTS541060G9SA00, Rev: MB3IC60H

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
Well done :)

Combofix log looks good now.

See if you can update and run MBAM in normal mode now.
 
Broni,

All looks well. I can update and run MBAM, which did not find any issues. All other functions seem to be showing up and working normally.

Thank you so much for your time and expertise. You are a blessing. You definitely make the world a better place.
 
Good news, but.....not so fast :)
We're not done yet....

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
As per your instructions, pasted below is part 1 of otl.txt. Part 2 of otl.txt and extras.txt will be pasted into separate messages and sent immediately following this message:

OTL logfile created on: 4/9/2011 9:37:43 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\gary\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 3.64 Gb Free Space | 14.93% Space Free | Partition Type: NTFS
Drive D: | 31.47 Gb Total Space | 10.65 Gb Free Space | 33.85% Space Free | Partition Type: NTFS
Drive G: | 488.00 Mb Total Space | 445.64 Mb Free Space | 91.32% Space Free | Partition Type: FAT

Computer Name: COMPUTERROOM | User Name: gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/09 21:33:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gary\Desktop\OTL.exe
PRC - [2011/03/16 17:24:21 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/02/09 17:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/11 02:30:40 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2007/07/16 17:21:26 | 000,410,976 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2007/02/02 09:11:30 | 000,208,384 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\system32\DWRCS.EXE
PRC - [2006/11/06 16:44:02 | 000,071,680 | ---- | M] (DameWare Development) -- C:\WINDOWS\system32\DWRCST.EXE
PRC - [2006/10/13 17:04:06 | 000,707,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2006/08/18 15:23:12 | 000,610,816 | ---- | M] (Numara Software, Inc.) -- C:\WINDOWS\TIREMOTE\TIRemoteService.exe
PRC - [2006/08/18 15:08:44 | 000,311,374 | ---- | M] (Intuit Track-It!) -- C:\WINDOWS\TIREMOTE\wuser32.exe
PRC - [2005/02/16 17:15:20 | 000,581,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2004/01/09 04:56:44 | 000,057,393 | ---- | M] (IBM Corp) -- C:\lotus\notes\ntmulti.exe


========== Modules (SafeList) ==========

MOD - [2011/04/09 21:33:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gary\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/08/11 02:30:34 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MSCamSvc)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2007/07/16 17:21:26 | 000,410,976 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2007/02/02 09:11:30 | 000,208,384 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\WINDOWS\System32\DWRCS.EXE -- (DWMRCS)
SRV - [2006/08/18 15:23:12 | 000,610,816 | ---- | M] (Numara Software, Inc.) [Auto | Running] -- C:\WINDOWS\TIREMOTE\TIRemoteService.exe -- (TIRmtSvc)
SRV - [2006/08/18 15:08:44 | 000,311,374 | ---- | M] (Intuit Track-It!) [Auto | Running] -- C:\WINDOWS\TIREMOTE\wuser32.exe -- (TIRmtCtl)
SRV - [2005/09/20 06:20:14 | 000,039,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\OnePointDomainAgent\DCTAgentService.exe -- (OnePointDomainAdminService)
SRV - [2004/01/09 04:56:44 | 000,057,393 | ---- | M] (IBM Corp) [Auto | Running] -- C:\lotus\notes\ntmulti.exe -- (Multi-user Cleanup Service)


========== Driver Services (SafeList) ==========

DRV - [2011/04/09 20:23:37 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{42E85B89-491C-413B-833F-0FD39288D219}\MpKslf81a49d2.sys -- (MpKslf81a49d2)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/07/16 14:56:36 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2006/12/20 01:14:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2006/10/19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/10/13 17:04:30 | 001,966,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2006/08/28 22:12:00 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/08/28 22:11:00 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/08/28 22:10:00 | 000,728,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/02/17 10:26:14 | 001,298,944 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctmmfilt.sys -- (ctmmfilt)
DRV - [2005/02/17 10:19:16 | 000,339,984 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005/02/17 10:18:20 | 000,410,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2005/02/17 10:18:18 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2005/02/17 10:18:16 | 000,704,000 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2005/02/17 10:18:14 | 000,172,032 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2005/02/17 10:18:14 | 000,148,480 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2005/02/17 10:18:12 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/02/17 10:18:10 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/02/17 10:18:10 | 000,071,680 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2005/02/17 10:18:08 | 000,497,664 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/12/01 02:44:12 | 000,054,792 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\par1284.sys -- (PAR1284)
DRV - [2003/12/01 02:44:12 | 000,013,824 | ---- | M] (Corex Technologies Corp.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ppnt.sys -- (PPNT)
DRV - [2003/05/22 00:32:30 | 000,008,448 | ---- | M] (CYPRESS Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\slcorex.sys -- (CorexCardScan)
DRV - [2001/08/17 12:10:56 | 000,024,653 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el574nd4.sys -- (EL3C574)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-117609710-1715567821-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-117609710-1715567821-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-117609710-1715567821-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 90 B4 83 27 F7 CB 01 [binary data]
IE - HKU\S-1-5-21-117609710-1715567821-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/04/09 19:14:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-117609710-1715567821-725345543-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\menezesa\Start Menu\Programs\Startup\Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe (Stardust Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-1715567821-725345543-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-117609710-1715567821-725345543-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-117609710-1715567821-725345543-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-117609710-1715567821-725345543-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://mymail.drakausa.com/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/59.15/uploader2.cab (UploadListView Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1194977416857 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195505436639 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://am.sa.draka.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Draka USA Desktop Background 1024 x 768.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Draka USA Desktop Background 1024 x 768.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/13 18:58:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/09 21:33:48 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\gary\Desktop\OTL.exe
[2011/04/09 21:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Local Settings\Application Data\Adobe
[2011/04/09 21:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Local Settings\Application Data\Scansoft
[2011/04/09 20:07:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/09 20:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Application Data\GlarySoft
[2011/04/09 19:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/09 19:21:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/09 19:04:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/09 19:04:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/09 19:04:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/09 19:04:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/09 19:04:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/09 18:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Application Data\SUPERAntiSpyware.com
[2011/04/09 18:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/09 18:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/04/09 18:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/09 18:02:12 | 010,846,616 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\gary\Desktop\SUPERAntiSpyware.exe
[2011/04/09 14:37:08 | 000,000,000 | ---D | C] -- C:\oldvirus
[2011/04/09 07:30:07 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\1galmb.exe
[2011/04/08 22:33:57 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\2Copy of mbam-setup-1.50.1.1100.exe
[2011/04/08 22:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Application Data\Malwarebytes
[2011/04/08 22:20:16 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/08 22:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Application Data\Adobe
[2011/04/08 22:17:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\gary\PrivacIE
[2011/04/08 22:17:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\gary\IETldCache
[2011/04/08 22:16:06 | 000,000,000 | --SD | C] -- C:\Documents and Settings\gary\Application Data\Microsoft
[2011/04/08 22:16:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gary\Start Menu\Programs\Startup
[2011/04/08 22:16:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gary\Start Menu
[2011/04/08 22:16:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gary\SendTo
[2011/04/08 22:16:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gary\Application Data
[2011/04/08 22:16:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gary\Start Menu\Programs\Accessories
[2011/04/08 22:16:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\gary\Cookies
[2011/04/08 22:16:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\gary\Local Settings
[2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Templates
[2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Local Settings\Application Data\Symantec
[2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Recent
[2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\PrintHood
[2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\NetHood
[2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\My Documents
[2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Local Settings\Application Data\Microsoft
[2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Application Data\Macromedia
[2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Application Data\InstallShield
[2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Application Data\Identities
[2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Favorites
[2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Desktop
[2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Start Menu\Programs\CtrlInstaller
[2011/04/08 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Local Settings\Application Data\BVRP Software
[2011/04/06 00:25:47 | 000,000,000 | ---D | C] -- D:\My Documents\Adobe
[2011/04/06 00:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/04/05 23:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/04/05 11:06:17 | 000,000,000 | ---D | C] -- D:\My Documents\Scan
[2008/03/19 17:28:33 | 000,032,768 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2005/02/17 10:18:06 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE

========== Files - Modified Within 30 Days ==========

[2011/04/09 21:33:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gary\Desktop\OTL.exe
[2011/04/09 21:31:46 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011/04/09 21:31:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/09 21:31:42 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/04/09 21:31:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2011/04/09 21:31:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2011/04/09 21:10:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1715567821-725345543-1005UA.job
[2011/04/09 20:16:56 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/09 20:11:45 | 2137,509,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/09 20:11:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/09 20:09:59 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/04/09 20:02:46 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\gary\Desktop\Glary Utilities.lnk
[2011/04/09 19:14:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/09 19:03:18 | 004,317,630 | R--- | M] () -- C:\Documents and Settings\gary\Desktop\ComboFix.exe
[2011/04/09 19:00:47 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\gary\Desktop\MBRCheck.exe
[2011/04/09 18:02:47 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/09 18:00:02 | 010,846,616 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\gary\Desktop\SUPERAntiSpyware.exe
[2011/04/09 15:42:38 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/08 22:56:14 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 22:54:00 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\1galmb.exe
[2011/04/08 22:20:17 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/08 22:20:17 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\2Copy of mbam-setup-1.50.1.1100.exe
[2011/04/08 22:16:11 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\gary\ntuser.pol
[2011/04/08 22:01:37 | 000,000,268 | ---- | M] () -- C:\sqmdata07.sqm
[2011/04/08 22:01:37 | 000,000,244 | ---- | M] () -- C:\sqmnoopt07.sqm
[2011/04/08 21:38:56 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~20373300r
[2011/04/08 21:38:56 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~20373300
[2011/04/08 21:38:53 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20373300
[2011/04/08 12:10:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1715567821-725345543-1005Core.job
[2011/04/07 19:52:21 | 000,000,244 | ---- | M] () -- C:\sqmnoopt06.sqm
[2011/04/07 19:52:21 | 000,000,232 | ---- | M] () -- C:\sqmdata06.sqm
[2011/04/07 19:52:10 | 000,000,244 | ---- | M] () -- C:\sqmnoopt05.sqm
[2011/04/07 19:52:10 | 000,000,232 | ---- | M] () -- C:\sqmdata05.sqm
[2011/04/07 19:32:57 | 000,000,244 | ---- | M] () -- C:\sqmnoopt04.sqm
[2011/04/07 19:32:57 | 000,000,232 | ---- | M] () -- C:\sqmdata04.sqm
[2011/04/07 19:30:51 | 000,000,244 | ---- | M] () -- C:\sqmnoopt03.sqm
[2011/04/07 19:30:51 | 000,000,232 | ---- | M] () -- C:\sqmdata03.sqm
[2011/04/07 02:00:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-COMPUTERROOM-sak.job
[2011/04/06 22:40:37 | 000,000,268 | ---- | M] () -- C:\sqmdata02.sqm
[2011/04/06 22:40:37 | 000,000,244 | ---- | M] () -- C:\sqmnoopt02.sqm
[2011/04/06 21:23:56 | 000,000,268 | ---- | M] () -- C:\sqmdata01.sqm
[2011/04/06 21:23:56 | 000,000,244 | ---- | M] () -- C:\sqmnoopt01.sqm
[2011/04/06 07:40:43 | 000,228,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/06 01:21:11 | 000,000,268 | ---- | M] () -- C:\sqmdata00.sqm
[2011/04/06 01:21:11 | 000,000,244 | ---- | M] () -- C:\sqmnoopt00.sqm
[2011/04/05 23:27:06 | 000,001,657 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 9.lnk
[2011/04/05 01:01:34 | 000,000,268 | ---- | M] () -- C:\sqmdata19.sqm
[2011/04/05 01:01:34 | 000,000,244 | ---- | M] () -- C:\sqmnoopt19.sqm
[2011/04/01 02:39:52 | 000,000,268 | ---- | M] () -- C:\sqmdata18.sqm
[2011/04/01 02:39:52 | 000,000,244 | ---- | M] () -- C:\sqmnoopt18.sqm
[2011/03/31 01:30:06 | 000,000,268 | ---- | M] () -- C:\sqmdata17.sqm
[2011/03/31 01:30:06 | 000,000,244 | ---- | M] () -- C:\sqmnoopt17.sqm
[2011/03/30 00:49:01 | 000,000,268 | ---- | M] () -- C:\sqmdata16.sqm
[2011/03/30 00:49:01 | 000,000,244 | ---- | M] () -- C:\sqmnoopt16.sqm
[2011/03/29 01:40:21 | 000,000,268 | ---- | M] () -- C:\sqmdata15.sqm
[2011/03/29 01:40:20 | 000,000,244 | ---- | M] () -- C:\sqmnoopt15.sqm
[2011/03/28 01:14:20 | 000,000,268 | ---- | M] () -- C:\sqmdata14.sqm
[2011/03/28 01:14:20 | 000,000,244 | ---- | M] () -- C:\sqmnoopt14.sqm
[2011/03/26 00:21:29 | 000,000,268 | ---- | M] () -- C:\sqmdata13.sqm
[2011/03/26 00:21:28 | 000,000,244 | ---- | M] () -- C:\sqmnoopt13.sqm
[2011/03/24 23:35:22 | 000,000,268 | ---- | M] () -- C:\sqmdata12.sqm
[2011/03/24 23:35:21 | 000,000,244 | ---- | M] () -- C:\sqmnoopt12.sqm
[2011/03/24 00:48:44 | 000,000,268 | ---- | M] () -- C:\sqmdata11.sqm
[2011/03/24 00:48:44 | 000,000,244 | ---- | M] () -- C:\sqmnoopt11.sqm
[2011/03/23 00:31:04 | 000,000,268 | ---- | M] () -- C:\sqmdata10.sqm
[2011/03/23 00:31:04 | 000,000,244 | ---- | M] () -- C:\sqmnoopt10.sqm
[2011/03/21 08:55:27 | 000,000,268 | ---- | M] () -- C:\sqmdata09.sqm
[2011/03/21 08:55:27 | 000,000,244 | ---- | M] () -- C:\sqmnoopt09.sqm
[2011/03/13 08:46:31 | 000,439,608 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 08:46:31 | 000,069,920 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/11 04:15:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
 
Part 2 of otl.txt follows:


========== Files Created - No Company Name ==========

[2011/04/09 20:10:01 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
[2011/04/09 20:10:01 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2011/04/09 20:02:46 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\gary\Desktop\Glary Utilities.lnk
[2011/04/09 19:04:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/09 19:04:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/09 19:04:51 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/09 19:04:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/09 19:04:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/09 19:03:18 | 004,317,630 | R--- | C] () -- C:\Documents and Settings\gary\Desktop\ComboFix.exe
[2011/04/09 19:00:47 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\gary\Desktop\MBRCheck.exe
[2011/04/09 18:02:47 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/09 15:42:16 | 2137,509,888 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/08 22:56:14 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 22:16:11 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\gary\ntuser.pol
[2011/04/08 22:16:08 | 000,001,681 | ---- | C] () -- C:\Documents and Settings\gary\Desktop\Business Systems.lnk
[2011/04/08 22:16:08 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/08 22:16:08 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/04/08 22:16:06 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\gary\Start Menu\Programs\Remote Assistance.lnk
[2011/04/08 22:16:06 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\gary\Start Menu\Programs\Internet Explorer.lnk
[2011/04/08 22:16:06 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\gary\Start Menu\Programs\Windows Media Player.lnk
[2011/04/08 22:16:06 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\gary\Start Menu\Programs\Outlook Express.lnk
[2011/04/08 21:38:56 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~20373300r
[2011/04/08 21:38:56 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~20373300
[2011/04/08 21:38:53 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\20373300
[2011/04/05 23:36:11 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-COMPUTERROOM-sak.job
[2011/04/05 23:32:51 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011/04/05 23:32:37 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
[2011/04/05 23:27:06 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Elements 9.lnk
[2011/04/05 23:27:06 | 000,001,657 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 9.lnk
[2011/02/25 15:11:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/09 22:54:47 | 000,000,315 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/12/09 22:54:47 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/12/09 22:54:23 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/12/09 22:53:09 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2010/12/09 22:52:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/12/09 22:49:17 | 000,031,830 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/06/29 22:06:58 | 000,339,536 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/10/11 21:35:24 | 000,044,324 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/10/30 07:34:31 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/17 06:50:47 | 000,000,099 | ---- | C] () -- C:\WINDOWS\notesnsd.ini
[2008/08/04 13:14:58 | 000,000,961 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/07/19 10:53:45 | 000,000,250 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/07/18 16:09:41 | 000,002,266 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2008/07/18 10:46:57 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/07/14 20:22:46 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/03/23 17:59:13 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/03/23 17:59:13 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/03/19 17:28:39 | 000,265,066 | R--- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2008/03/19 17:28:38 | 000,140,643 | R--- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2008/03/19 17:28:32 | 000,313,207 | R--- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2008/03/19 17:28:32 | 000,053,932 | R--- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2008/03/19 17:28:31 | 000,222,368 | R--- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2008/01/27 08:28:08 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/27 08:28:08 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/26 18:10:01 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2008/01/26 18:05:05 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\People
[2008/01/26 18:05:05 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2008/01/24 09:44:08 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/14 13:51:51 | 000,090,112 | ---- | C] () -- C:\WINDOWS\TIRHService.exe
[2007/10/12 18:00:54 | 000,002,850 | ---- | C] () -- C:\WINDOWS\System32\DWRCS.INI
[2007/10/12 13:30:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CPC10Q.INI
[2007/10/11 22:47:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/10/11 22:45:43 | 000,117,132 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2007/10/11 22:24:16 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/03/05 09:36:38 | 000,000,106 | ---- | C] () -- C:\WINDOWS\MR2000EX.INI
[2007/02/21 12:14:08 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Bisfax.ini
[2007/02/16 13:12:35 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/02/16 10:13:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/16 09:28:32 | 000,000,806 | ---- | C] () -- C:\WINDOWS\EPFax.INI
[2007/02/16 09:28:32 | 000,000,049 | ---- | C] () -- C:\WINDOWS\mailroom.ini
[2007/02/16 09:28:20 | 000,000,167 | ---- | C] () -- C:\WINDOWS\READIRIS.INI
[2007/02/16 09:27:41 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\MRSPLNT.DLL
[2007/02/16 09:27:37 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\MRINST.DLL
[2007/02/16 09:27:35 | 000,008,898 | ---- | C] () -- C:\WINDOWS\MR2000.INI
[2007/02/16 09:19:50 | 000,000,041 | ---- | C] () -- C:\WINDOWS\CSERVE.INI
[2007/02/14 15:34:08 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2007/02/14 15:34:08 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007/02/14 15:21:57 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2007/02/14 00:44:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/02/14 00:43:23 | 000,228,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/02/13 19:00:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/02/13 18:55:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/05/05 19:17:20 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/01/26 15:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/12/22 13:05:46 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2005/11/11 01:33:00 | 000,073,782 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[2005/02/17 10:24:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2005/02/17 10:24:20 | 000,030,720 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2005/02/17 10:23:16 | 000,033,280 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2005/02/17 10:18:32 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2005/02/17 10:18:30 | 000,231,821 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2005/02/17 10:18:08 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2005/02/17 10:13:20 | 000,032,343 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2005/02/17 10:13:18 | 000,000,055 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,439,608 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,069,920 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/06/24 14:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/03/21 04:56:12 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/09 14:27:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\FSScrCtlU.exe
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/12/24 11:42:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\biscomns.dll
[1997/11/23 12:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\cdo32.dll

========== LOP Check ==========

[2011/03/09 18:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aMoNaKn06300
[2008/01/26 18:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Console
[2008/01/26 18:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2011/04/06 00:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/03/08 20:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fPoMiHl06300
[2009/07/20 21:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GbPlugin
[2008/01/26 20:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/01/26 18:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/03/23 17:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/04/06 00:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/12/24 12:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/03/23 17:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2008/01/26 18:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/02/02 17:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2011/04/09 20:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\GlarySoft
[2008/07/19 10:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Juniper Networks
[2007/10/11 15:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\AbsoluteTelnet
[2007/10/12 13:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\Blackberry Desktop
[2008/08/02 11:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\GARMIN
[2007/11/26 21:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\Image Zone Express
[2008/07/22 13:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\Juniper Networks
[2007/11/07 06:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\Leadertech
[2008/01/26 20:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\muvee Technologies
[2008/01/26 18:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\Nikon
[2008/07/18 13:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\OfficeUpdate12
[2008/06/22 19:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\pdf995
[2008/01/17 09:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\Research In Motion
[2008/03/23 17:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menezesa\Application Data\TaxCut
[2011/02/02 09:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Juniper Networks
[2009/03/05 21:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sak\Application Data\AbsoluteTelnet
[2011/02/04 14:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sak\Application Data\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
[2010/02/14 19:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sak\Application Data\Facebook
[2010/07/23 22:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sak\Application Data\GlarySoft
[2011/02/04 13:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sak\Application Data\Nikon
[2010/08/27 18:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sak\Application Data\Octoshape
[2010/12/21 17:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sak\Application Data\PC-FAX TX
[2011/02/02 17:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sak\Application Data\ScanSoft
[2011/02/02 17:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sak\Application Data\Zeon
[2011/04/09 21:31:42 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/04/09 20:16:56 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/04/09 21:31:46 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/02/13 18:58:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/02/21 21:20:13 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/04/09 20:09:59 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2011/04/09 19:18:38 | 000,016,981 | ---- | M] () -- C:\ComboFix.txt
[2007/02/13 18:58:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/03/09 09:50:59 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/04/09 20:11:45 | 2137,509,888 | -HS- | M] () -- C:\hiberfil.sys
[2008/07/31 19:53:45 | 000,115,224 | ---- | M] () -- C:\img2-001.raw
[2008/09/07 10:45:23 | 000,115,224 | ---- | M] () -- C:\img2-002.raw
[2007/02/13 18:58:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/25 17:14:10 | 000,008,516 | ---- | M] () -- C:\JavaRa.log
[2007/02/13 18:58:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/18 10:28:31 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/04/09 20:11:43 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/04/06 01:21:11 | 000,000,268 | ---- | M] () -- C:\sqmdata00.sqm
[2011/04/06 21:23:56 | 000,000,268 | ---- | M] () -- C:\sqmdata01.sqm
[2011/04/06 22:40:37 | 000,000,268 | ---- | M] () -- C:\sqmdata02.sqm
[2011/04/07 19:30:51 | 000,000,232 | ---- | M] () -- C:\sqmdata03.sqm
[2011/04/07 19:32:57 | 000,000,232 | ---- | M] () -- C:\sqmdata04.sqm
[2011/04/07 19:52:10 | 000,000,232 | ---- | M] () -- C:\sqmdata05.sqm
[2011/04/07 19:52:21 | 000,000,232 | ---- | M] () -- C:\sqmdata06.sqm
[2011/04/08 22:01:37 | 000,000,268 | ---- | M] () -- C:\sqmdata07.sqm
[2011/04/09 21:31:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2011/03/21 08:55:27 | 000,000,268 | ---- | M] () -- C:\sqmdata09.sqm
[2011/03/23 00:31:04 | 000,000,268 | ---- | M] () -- C:\sqmdata10.sqm
[2011/03/24 00:48:44 | 000,000,268 | ---- | M] () -- C:\sqmdata11.sqm
[2011/03/24 23:35:22 | 000,000,268 | ---- | M] () -- C:\sqmdata12.sqm
[2011/03/26 00:21:29 | 000,000,268 | ---- | M] () -- C:\sqmdata13.sqm
[2011/03/28 01:14:20 | 000,000,268 | ---- | M] () -- C:\sqmdata14.sqm
[2011/03/29 01:40:21 | 000,000,268 | ---- | M] () -- C:\sqmdata15.sqm
[2011/03/30 00:49:01 | 000,000,268 | ---- | M] () -- C:\sqmdata16.sqm
[2011/03/31 01:30:06 | 000,000,268 | ---- | M] () -- C:\sqmdata17.sqm
[2011/04/01 02:39:52 | 000,000,268 | ---- | M] () -- C:\sqmdata18.sqm
[2011/04/05 01:01:34 | 000,000,268 | ---- | M] () -- C:\sqmdata19.sqm
[2011/04/06 01:21:11 | 000,000,244 | ---- | M] () -- C:\sqmnoopt00.sqm
[2011/04/06 21:23:56 | 000,000,244 | ---- | M] () -- C:\sqmnoopt01.sqm
[2011/04/06 22:40:37 | 000,000,244 | ---- | M] () -- C:\sqmnoopt02.sqm
[2011/04/07 19:30:51 | 000,000,244 | ---- | M] () -- C:\sqmnoopt03.sqm
[2011/04/07 19:32:57 | 000,000,244 | ---- | M] () -- C:\sqmnoopt04.sqm
[2011/04/07 19:52:10 | 000,000,244 | ---- | M] () -- C:\sqmnoopt05.sqm
[2011/04/07 19:52:21 | 000,000,244 | ---- | M] () -- C:\sqmnoopt06.sqm
[2011/04/08 22:01:37 | 000,000,244 | ---- | M] () -- C:\sqmnoopt07.sqm
[2011/04/09 21:31:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2011/03/21 08:55:27 | 000,000,244 | ---- | M] () -- C:\sqmnoopt09.sqm
[2011/03/23 00:31:04 | 000,000,244 | ---- | M] () -- C:\sqmnoopt10.sqm
[2011/03/24 00:48:44 | 000,000,244 | ---- | M] () -- C:\sqmnoopt11.sqm
[2011/03/24 23:35:21 | 000,000,244 | ---- | M] () -- C:\sqmnoopt12.sqm
[2011/03/26 00:21:28 | 000,000,244 | ---- | M] () -- C:\sqmnoopt13.sqm
[2011/03/28 01:14:20 | 000,000,244 | ---- | M] () -- C:\sqmnoopt14.sqm
[2011/03/29 01:40:20 | 000,000,244 | ---- | M] () -- C:\sqmnoopt15.sqm
[2011/03/30 00:49:01 | 000,000,244 | ---- | M] () -- C:\sqmnoopt16.sqm
[2011/03/31 01:30:06 | 000,000,244 | ---- | M] () -- C:\sqmnoopt17.sqm
[2011/04/01 02:39:52 | 000,000,244 | ---- | M] () -- C:\sqmnoopt18.sqm
[2011/04/05 01:01:34 | 000,000,244 | ---- | M] () -- C:\sqmnoopt19.sqm

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2007/02/13 18:57:48 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/04/10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2008/02/01 11:11:10 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007/02/14 00:42:37 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/02/14 00:42:37 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/02/14 00:42:36 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/07/18 10:33:10 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/02/15 16:26:46 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\gary\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2007/02/15 16:26:45 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/04/08 22:54:00 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\1galmb.exe
[2011/04/08 22:20:17 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\2Copy of mbam-setup-1.50.1.1100.exe
[2011/04/09 19:03:18 | 004,317,630 | R--- | M] () -- C:\Documents and Settings\gary\Desktop\ComboFix.exe
[2011/04/08 22:20:17 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/09 19:00:47 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\gary\Desktop\MBRCheck.exe
[2011/04/09 21:33:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gary\Desktop\OTL.exe
[2011/04/09 18:00:02 | 010,846,616 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\gary\Desktop\SUPERAntiSpyware.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2006/09/11 18:59:36 | 000,013,023 | ---- | M] () -- C:\WINDOWS\VX3000.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/02/15 16:26:45 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\gary\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/01/24 12:03:25 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/04/09 21:31:45 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\gary\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >
[2006/10/19 09:27:58 | 000,581,632 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
[2 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 13:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 13:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 13:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
extras.txt follows:

OTL Extras logfile created on: 4/9/2011 9:37:43 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\gary\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 3.64 Gb Free Space | 14.93% Space Free | Partition Type: NTFS
Drive D: | 31.47 Gb Total Space | 10.65 Gb Free Space | 33.85% Space Free | Partition Type: NTFS
Drive G: | 488.00 Mb Total Space | 445.64 Mb Free Space | 91.32% Space Free | Partition Type: FAT

Computer Name: COMPUTERROOM | User Name: gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirewallOverride" = 0
"AntiVirusOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\TIREMOTE\TIRemoteService.exe" = C:\WINDOWS\TIREMOTE\TIRemoteService.exe:*:Enabled:Track-It! Workstation Manager -- (Numara Software, Inc.)
"C:\WINDOWS\TIREMOTE\wuser32.exe" = C:\WINDOWS\TIREMOTE\wuser32.exe:*:Enabled:Track-It! Remote Control -- (Intuit Track-It!)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Documents and Settings\sak\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\sak\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{070D1CA1-BF29-083F-2D1B-247B26CF9434}" = Picaboo X
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{12BE3620-38FB-11D5-8845-9FBAF344AF4E}" = eCopy Desktop
"{182436FB-2417-4658-B733-0F2CB1B78AC8}" = FAXCOM for Domino - Client
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31FD9031-FA28-4F73-9FD1-D7E9997C41CE}" = Brother MFL-Pro Suite MFC-J410W
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{42732288-A935-11D5-AB3E-000102B0F79A}" = ReadIRIS
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5B5B3D92-A765-4AD5-9752-30BA2C71C314}" = Lotus Notes 6.5.1
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{68E9F885-3B73-4884-A598-31FC2C7F8E63}" = Symantec Enterprise Vault Outlook Add-In
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DCB63CEC-C6A3-4963-A5D0-6C03EE0CC08F}" = CardScan 6.0.6
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.19
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"AVS4YOU Video Converter_is1" = AVS Video Converter 5.6
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo X
"ESET Online Scanner" = ESET Online Scanner v3
"Glary Utilities_is1" = Glary Utilities 2.33.0.1158
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Juniper Network Connect 5.5.0" = Juniper Networks Network Connect 5.5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Picasa 3" = Picasa 3
"PictureProject In Touch Downloader" = PictureProject In Touch Downloader 1.0
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/13/2011 4:08:35 PM | Computer Name = COMPUTERROOM | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/03/13 15:08:35.484]: [00001496]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5

Error - 3/13/2011 4:08:36 PM | Computer Name = COMPUTERROOM | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/03/13 15:08:36.484]: [00001496]: CUsbScnDev: DeviceIoControl
Illegal response

Error - 3/13/2011 4:08:37 PM | Computer Name = COMPUTERROOM | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/03/13 15:08:37.484]: [00001496]: CUsbScnDev: DeviceIoControl
Illegal response

Error - 3/13/2011 4:08:38 PM | Computer Name = COMPUTERROOM | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/03/13 15:08:38.484]: [00001496]: CUsbScnDev: DeviceIoControl
Illegal response

Error - 3/13/2011 4:08:39 PM | Computer Name = COMPUTERROOM | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/03/13 15:08:39.484]: [00001496]: CUsbScnDev: DeviceIoControl
Illegal response

Error - 3/13/2011 4:08:40 PM | Computer Name = COMPUTERROOM | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/03/13 15:08:40.484]: [00001496]: CUsbScnDev: DeviceIoControl
Illegal response

Error - 3/13/2011 4:08:41 PM | Computer Name = COMPUTERROOM | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/03/13 15:08:41.500]: [00001496]: CUsbScnDev: DeviceIoControl
Illegal response

Error - 3/14/2011 9:00:22 PM | Computer Name = COMPUTERROOM | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/03/14 20:00:22.500]: [00001524]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5

Error - 3/25/2011 6:17:48 PM | Computer Name = COMPUTERROOM | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/03/25 17:17:48.015]: [00003176]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5

Error - 4/9/2011 6:55:45 PM | Computer Name = COMPUTERROOM | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/04/09 17:55:45.218]: [00000408]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5

[ System Events ]
Error - 4/9/2011 4:42:28 PM | Computer Name = COMPUTERROOM | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 4/9/2011 4:42:28 PM | Computer Name = COMPUTERROOM | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 4/9/2011 7:51:44 PM | Computer Name = COMPUTERROOM | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 4/9/2011 7:51:44 PM | Computer Name = COMPUTERROOM | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 4/9/2011 7:51:44 PM | Computer Name = COMPUTERROOM | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 4/9/2011 8:04:51 PM | Computer Name = COMPUTERROOM | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 4/9/2011 8:04:51 PM | Computer Name = COMPUTERROOM | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 4/9/2011 8:13:48 PM | Computer Name = COMPUTERROOM | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 4/9/2011 8:13:49 PM | Computer Name = COMPUTERROOM | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 4/9/2011 9:12:11 PM | Computer Name = COMPUTERROOM | Source = Service Control Manager | ID = 7000
Description = The MSCamSvc service failed to start due to the following error: %%2


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    [2011/04/08 21:38:56 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~20373300r
    [2011/04/08 21:38:56 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~20373300
    [2011/04/08 21:38:53 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20373300
    [2011/03/09 18:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aMoNaKn06300
    [2011/03/08 20:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fPoMiHl06300
    
    
    :Services
    
    :Reg
    
    :Files
    C:\*.sqm
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
As per your instructions, the OTL, Security Check, and ESET scan (found 1 trojan virus) logs are pasted below:

All processes killed
========== OTL ==========
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Documents and Settings\All Users\Application Data\~20373300r moved successfully.
C:\Documents and Settings\All Users\Application Data\~20373300 moved successfully.
C:\Documents and Settings\All Users\Application Data\20373300 moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\aMoNaKn06300\ not found.
Folder C:\Documents and Settings\All Users\Application Data\fPoMiHl06300\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\sqmdata00.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmdata04.sqm moved successfully.
C:\sqmdata05.sqm moved successfully.
C:\sqmdata06.sqm moved successfully.
C:\sqmdata07.sqm moved successfully.
C:\sqmdata08.sqm moved successfully.
C:\sqmdata09.sqm moved successfully.
C:\sqmdata10.sqm moved successfully.
C:\sqmdata11.sqm moved successfully.
C:\sqmdata12.sqm moved successfully.
C:\sqmdata13.sqm moved successfully.
C:\sqmdata14.sqm moved successfully.
C:\sqmdata15.sqm moved successfully.
C:\sqmdata16.sqm moved successfully.
C:\sqmdata17.sqm moved successfully.
C:\sqmdata18.sqm moved successfully.
C:\sqmdata19.sqm moved successfully.
C:\sqmnoopt00.sqm moved successfully.
C:\sqmnoopt01.sqm moved successfully.
C:\sqmnoopt02.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\sqmnoopt04.sqm moved successfully.
C:\sqmnoopt05.sqm moved successfully.
C:\sqmnoopt06.sqm moved successfully.
C:\sqmnoopt07.sqm moved successfully.
C:\sqmnoopt08.sqm moved successfully.
C:\sqmnoopt09.sqm moved successfully.
C:\sqmnoopt10.sqm moved successfully.
C:\sqmnoopt11.sqm moved successfully.
C:\sqmnoopt12.sqm moved successfully.
C:\sqmnoopt13.sqm moved successfully.
C:\sqmnoopt14.sqm moved successfully.
C:\sqmnoopt15.sqm moved successfully.
C:\sqmnoopt16.sqm moved successfully.
C:\sqmnoopt17.sqm moved successfully.
C:\sqmnoopt18.sqm moved successfully.
C:\sqmnoopt19.sqm moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DrakaITAdministrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: gary
->Temp folder emptied: 558116 bytes
->Temporary Internet Files folder emptied: 15791426 bytes
->Flash cache emptied: 456 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: menezesa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 6758 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: sak
->Temp folder emptied: 4633 bytes
->Temporary Internet Files folder emptied: 6291408 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 5987834 bytes
->Flash cache emptied: 635 bytes

User: trackitadmin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14869 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2140 bytes

Total Files Cleaned = 27.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: DrakaITAdministrator
->Flash cache emptied: 0 bytes

User: gary
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: menezesa
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: sak
->Flash cache emptied: 0 bytes

User: trackitadmin

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04092011_223619

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\gary\Local Settings\Temp\~DFB153.tmp not found!
File\Folder C:\Documents and Settings\gary\Local Settings\Temp\~DFB15F.tmp not found!
File\Folder C:\Documents and Settings\gary\Local Settings\Temp\~DFB1C2.tmp not found!
File\Folder C:\Documents and Settings\gary\Local Settings\Temp\~DFB1D0.tmp not found!
File\Folder C:\Documents and Settings\gary\Local Settings\Temp\~DFB202.tmp not found!
File\Folder C:\Documents and Settings\gary\Local Settings\Temp\~DFB217.tmp not found!
C:\Documents and Settings\gary\Local Settings\Temporary Internet Files\Content.IE5\VMM7P7WX\crosspixel-dest[1].htm moved successfully.
C:\Documents and Settings\gary\Local Settings\Temporary Internet Files\Content.IE5\VMM7P7WX\sh38[1].html moved successfully.
C:\Documents and Settings\gary\Local Settings\Temporary Internet Files\Content.IE5\CN8ORI2X\topic163660[3].html moved successfully.

Registry entries deleted on Reboot...


Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````


EstScan
C:\System Volume Information\_restore{FA875E9E-119A-47CB-96BC-8E05860641D8}\RP158\A0009426.exe a variant of Win32/Kryptik.MLF trojan
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), then download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

The ESET finding is in one of your restore points, which we're about to reset.

====================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 