Inactive Browser redirect

Nneka

Hi, when I open Google and click a search result, it redirects me to Google.com/webhp. And other times it redirects to Yellow Pages and Adult Friend Finder. I tried booting up in Safe Mode and running MWB and found 3 files that I deleted, but the problem is still here.

Any help would be really appreciated!
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-06-02 13:04:55
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340014A rev.8.16
Running: 9xgvggqm.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxwcrpob.sys


---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 680
Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 2184
Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 2928

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by Owner at 13:12:55 on 2012-06-02
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.58 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHWA.EXE
C:\Program Files\LTCM Client\ltcmScheduler.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Owner\My Documents\Downloads\9xgvggqm.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Windows Firewall] c:\docume~1\owner\locals~1\temp\isass.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\owner\local settings\application data\akamai\netsession_win.exe"
uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_tatihwa.exe /ept "epltarget\P0000000000000000" /M "WorkForce 545"
uRun: [ltcmScheduler] c:\program files\ltcm client\ltcmScheduler.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FD923E72-72BA-43D8-ABAE-9590290DEB1F} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\k0ruarmh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.studentscholarships.org/scholarship.php
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-11 40776]
.
=============== Created Last 30 ================
.
2012-06-02 16:00:27 -------- d-----w- c:\documents and settings\owner\application data\MSNInstaller
2012-05-05 15:59:34 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-05-05 15:04:02 -------- d-----w- c:\documents and settings\owner\Adobe InDesign CS5.5
2012-05-05 15:00:25 -------- d-----w- c:\documents and settings\owner\application data\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-05-05 15:00:21 -------- d-----w- c:\program files\Adobe Download Assistant
.
==================== Find3M ====================
.
2012-06-02 17:27:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-05 15:59:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 15:59:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-27 19:17:27 230808 ----a-r- c:\windows\system32\cpnprt2.cid
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 13:14:09.90 ===============






ATTACH.TXT:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/25/2010 9:34:18 PM
System Uptime: 6/2/2012 10:38:45 AM (3 hours ago)
.
Motherboard: Dell Computer Corp. | | 0F8403
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 34 GiB total, 17.636 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP466: 3/26/2012 12:52:09 PM - System Checkpoint
RP467: 3/27/2012 1:30:01 PM - System Checkpoint
RP468: 3/28/2012 2:33:12 PM - System Checkpoint
RP469: 3/29/2012 4:12:18 PM - System Checkpoint
RP470: 3/30/2012 4:28:14 PM - System Checkpoint
RP471: 3/31/2012 5:32:54 PM - System Checkpoint
RP472: 4/1/2012 9:40:17 PM - System Checkpoint
RP473: 4/2/2012 10:38:10 PM - System Checkpoint
RP474: 4/3/2012 10:47:30 PM - System Checkpoint
RP475: 4/5/2012 8:33:32 AM - System Checkpoint
RP476: 4/6/2012 8:40:43 AM - System Checkpoint
RP477: 4/7/2012 9:32:27 AM - System Checkpoint
RP478: 4/8/2012 11:17:00 AM - System Checkpoint
RP479: 4/9/2012 11:41:30 AM - System Checkpoint
RP480: 4/10/2012 11:45:14 AM - System Checkpoint
RP481: 4/11/2012 12:38:23 PM - System Checkpoint
RP482: 4/12/2012 2:58:14 PM - System Checkpoint
RP483: 4/13/2012 3:33:23 PM - System Checkpoint
RP484: 4/14/2012 3:36:01 PM - System Checkpoint
RP485: 4/15/2012 4:23:23 PM - System Checkpoint
RP486: 4/16/2012 5:37:27 PM - System Checkpoint
RP487: 4/17/2012 5:54:47 PM - System Checkpoint
RP488: 4/18/2012 7:42:00 PM - System Checkpoint
RP489: 4/19/2012 9:44:14 PM - System Checkpoint
RP490: 4/20/2012 10:31:23 PM - System Checkpoint
RP491: 4/21/2012 11:31:24 PM - System Checkpoint
RP492: 4/23/2012 8:22:13 AM - System Checkpoint
RP493: 4/24/2012 8:34:18 AM - System Checkpoint
RP494: 4/25/2012 8:35:26 AM - System Checkpoint
RP495: 4/26/2012 9:31:10 AM - System Checkpoint
RP496: 4/27/2012 10:31:11 AM - System Checkpoint
RP497: 4/28/2012 1:56:26 PM - System Checkpoint
RP498: 4/29/2012 4:16:01 PM - System Checkpoint
RP499: 4/30/2012 4:57:27 PM - System Checkpoint
RP500: 5/1/2012 7:56:14 PM - System Checkpoint
RP501: 5/2/2012 9:46:30 PM - System Checkpoint
RP502: 5/4/2012 8:34:32 AM - System Checkpoint
RP503: 5/5/2012 9:38:20 AM - System Checkpoint
RP504: 5/6/2012 9:58:33 AM - System Checkpoint
RP505: 5/7/2012 10:50:14 AM - System Checkpoint
RP506: 5/8/2012 10:50:30 AM - System Checkpoint
RP507: 5/8/2012 2:00:18 PM - Software Distribution Service 3.0
RP508: 5/9/2012 2:00:27 PM - Software Distribution Service 3.0
RP509: 5/10/2012 2:45:28 PM - System Checkpoint
RP510: 5/11/2012 3:39:16 PM - System Checkpoint
RP511: 5/12/2012 4:22:46 PM - System Checkpoint
RP512: 5/13/2012 4:54:36 PM - System Checkpoint
RP513: 5/14/2012 5:08:15 PM - System Checkpoint
RP514: 5/15/2012 5:28:42 PM - System Checkpoint
RP515: 5/16/2012 5:45:22 PM - System Checkpoint
RP516: 5/17/2012 6:55:55 PM - System Checkpoint
RP517: 5/18/2012 7:05:41 PM - System Checkpoint
RP518: 5/19/2012 8:29:17 PM - System Checkpoint
RP519: 5/20/2012 9:09:06 PM - System Checkpoint
RP520: 5/21/2012 10:39:11 PM - System Checkpoint
RP521: 5/22/2012 11:05:20 PM - System Checkpoint
RP522: 5/23/2012 11:33:01 PM - System Checkpoint
RP523: 5/25/2012 12:06:17 AM - System Checkpoint
RP524: 5/26/2012 1:03:45 AM - System Checkpoint
RP525: 5/27/2012 1:37:52 AM - System Checkpoint
RP526: 5/28/2012 11:17:52 AM - System Checkpoint
RP527: 5/29/2012 11:37:42 AM - System Checkpoint
RP528: 5/30/2012 11:38:20 AM - System Checkpoint
RP529: 5/31/2012 6:03:58 PM - System Checkpoint
RP530: 6/1/2012 6:40:47 PM - System Checkpoint
RP531: 6/2/2012 10:36:30 AM - Restore Operation
RP532: 6/2/2012 10:39:41 AM - Restore Operation
RP533: 6/2/2012 10:45:54 AM - Removed Adobe Community Help
RP534: 6/2/2012 10:46:07 AM - Removed Adobe Content Viewer
.
==== Installed Programs ======================
.
ABBYY FineReader 9.0 Sprint
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Akamai NetSession Interface
Akamai NetSession Interface Service
Algebra 2 6.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Coupon Printer for Windows
eKnowledge
EPSON Scan
EPSON WorkForce 545 Series Printer Uninstall
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
iTunes
Kodak EasyShare software
Learn To Speak Spanish 8.1
LG USB Modem driver
LTCM Client
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Security Scan Plus
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Picture It! Photo Premium 9
Microsoft Silverlight
Microsoft Streets and Trips 2004
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite Add-in for Microsoft Word
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
mIRC
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Progressive Reader
QuickTime
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Shockwave
SoundMAX
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB885626
Windows XP Hotfix - KB885884
.
==== Event Viewer Messages From Past Week ========
.
6/2/2012 9:50:24 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
6/2/2012 9:49:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/2/2012 12:04:45 AM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001111C31E40 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
6/2/2012 10:31:04 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
6/1/2012 1:07:20 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 480 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/31/2012 9:07:20 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/31/2012 7:07:19 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/31/2012 6:07:19 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/31/2012 5:37:19 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/31/2012 5:22:34 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
5/31/2012 5:22:04 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/31/2012 5:21:36 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
5/30/2012 11:47:43 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/30/2012 11:47:41 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
5/29/2012 5:39:18 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Akamai service.
5/27/2012 10:25:45 AM, error: Dhcp [1002] - The IP address lease 72.190.124.194 for the Network Card with network address 001111C31E40 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================





MBAM LOG:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.02.03

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Owner :: ALL-BA2E8B9613A [administrator]

6/2/2012 12:28:58 PM
mbam-log-2012-06-02 (12-28-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219164
Time elapsed: 40 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Firewall (Worm.PushBot) -> Data: C:\DOCUME~1\Owner\LOCALS~1\Temp\isass.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\documents and settings\networkservice\local settings\temporary internet files\content.ie5\upaw4kmf\default[55].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.

(end)
 
You have been infected with a worm, Win32/Pushbot from a family of worms that spreads using MSN Messenger. Pushbot variants contain an IRC-based backdoor via which they may receive instructions to download and execute arbitrary files, send messages to MSN Messenger contacts, and retrieve information from protected storage.

Frequently, although we can remove entries we find, a Backdoor will have already compromised a system. Please DO NOT use any of your instant messaging programs while we try to clean the system.
===================================================
  • Download OTL from one of the links below and save it to your desktop.
    OTL.exe
    OTL.com
    OTL.scr
    You just need one. Sometimes the file extension gets blocked.

    Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
  • Double click the OTL icon to run it.
    OTL_icon.gif
  • The opened console will resemble this:
    OTLv3.1.5.0.gif
  • Set Output at the top to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy the entries in the Codebox below, then paste them in the Custom Scan box.
    Code:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    Make sure all other windows are closed, and let it run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
==========================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs, except those I give you.
Threads are closed after 5 days if there is no reply.

Please leave both of the OTL logs in your next reply.
 
 
OTL.TXT

OTL logfile created on: 6/3/2012 11:44:48 AM - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 291.21 Mb Available Physical Memory | 57.10% Memory free
1.22 Gb Paging File | 1.02 Gb Available in Paging File | 83.46% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.56 Gb Total Space | 16.63 Gb Free Space | 49.56% Space Free | Partition Type: NTFS
Drive D: | 698.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ALL-BA2E8B9613A | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TATIHWA.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\LTCM Client\ltcmScheduler.exe (Leader Technologies Inc.)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - c:\Program Files\Common Files\Akamai\netsession_win_80c2ffa.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (Messenger) -- C:\WINDOWS\system32\msgsvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\WINDOWS\system32\mprdim.dll (Microsoft Corporation)
SRV - (ClipSrv) -- C:\WINDOWS\system32\clipsrv.exe (Microsoft Corporation)
SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (Pcmcia) -- C:\WINDOWS\System32\drivers\pcmcia.sys (Microsoft Corporation)
DRV - (Fastfat) -- C:\WINDOWS\System32\drivers\fastfat.sys (Microsoft Corporation)
DRV - (dmio) -- C:\WINDOWS\system32\drivers\dmio.sys (Microsoft Corp., Veritas Software)
DRV - (dmload) -- C:\WINDOWS\system32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)
DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation)
DRV - (ACPIEC) -- C:\WINDOWS\System32\drivers\acpiec.sys (Microsoft Corporation)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS409
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.studentscholarships.org/scholarship.php"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/02 11:03:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/20 13:53:06 | 000,000,000 | ---D | M]

[2010/12/08 20:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/05/02 16:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k0ruarmh.default\extensions
[2012/06/02 11:03:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 20:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/17 17:29:27 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/17 17:29:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/07/18 12:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\nptgeqplugin.dll
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/12 08:57:47 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start File not found
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHWA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ltcmScheduler] C:\Program Files\LTCM Client\ltcmScheduler.exe (Leader Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD923E72-72BA-43D8-ABAE-9590290DEB1F}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/25 22:32:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/29 11:29:21 | 000,000,027 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{10c3d7f5-03de-11e1-9c1b-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
O33 - MountPoints2\{10c3d7f5-03de-11e1-9c1b-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
O33 - MountPoints2\{4bfb43a4-a68a-11e1-9d22-001111c31e40}\Shell\AutoRun\command - "" = I:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
O33 - MountPoints2\{4bfb43a4-a68a-11e1-9d22-001111c31e40}\Shell\open\command - "" = I:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
O33 - MountPoints2\{51542048-5697-11e1-9c73-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
O33 - MountPoints2\{51542048-5697-11e1-9c73-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
O33 - MountPoints2\{5e71d40b-2185-11e0-99e0-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
O33 - MountPoints2\{5e71d40b-2185-11e0-99e0-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
O33 - MountPoints2\{aba3eb68-5c31-11e1-9c7f-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
O33 - MountPoints2\{aba3eb68-5c31-11e1-9c7f-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
O33 - MountPoints2\{dca77820-527c-11e0-9a2c-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
O33 - MountPoints2\{dca77820-527c-11e0-9a2c-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/03 11:40:29 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2012/06/03 11:40:22 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/06/02 14:52:54 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/06/02 13:12:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2012/06/02 11:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/02 11:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2012/05/30 22:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/05/30 22:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/05/30 21:47:19 | 000,000,000 | -HSD | C] -- C:\WINDOWS\assembly
[2012/05/29 10:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Copy-Cat Recipes
[2012/05/13 15:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2012/05/05 10:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Adobe InDesign CS5.5
[2012/05/05 10:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/05/05 10:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/03 11:44:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/03 11:40:30 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2012/06/03 11:40:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/06/03 10:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/02 18:44:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/02 14:53:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/02 14:42:21 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/02 12:27:02 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/06/02 11:03:13 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/02 11:03:13 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/06/02 09:50:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/01 23:28:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/31 17:21:16 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2012/05/30 14:26:47 | 000,031,294 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2012/05/25 12:14:35 | 000,114,206 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Nikki_3RESIZE2.jpg
[2012/05/25 12:10:14 | 000,318,386 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NIKKI_3RESIZE.jpg
[2012/05/22 09:28:40 | 000,081,653 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tumblr_m45gp4lqtf1qa09cwo1_500.png
[2012/05/18 23:20:23 | 000,054,552 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\0910_Yearbook.jpg
[2012/05/05 14:58:50 | 003,536,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/05 10:00:22 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/02 11:03:13 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/02 11:03:13 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/02 11:03:13 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/06/02 09:50:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/30 22:02:04 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/25 12:18:45 | 003,384,777 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_11.jpg
[2012/05/25 12:18:41 | 002,733,950 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_6.jpg
[2012/05/25 12:18:41 | 002,222,739 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_7.jpg
[2012/05/25 12:18:41 | 001,224,192 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_5.jpg
[2012/05/25 12:18:41 | 001,208,842 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_4_BW.jpg
[2012/05/25 12:18:41 | 001,070,764 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_8.jpg
[2012/05/25 12:18:41 | 000,981,739 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_5_BW.jpg
[2012/05/25 12:18:41 | 000,186,369 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_9.jpg
[2012/05/25 12:18:41 | 000,172,636 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_9_BW.jpg
[2012/05/25 12:18:40 | 001,289,354 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_4.jpg
[2012/05/25 12:18:32 | 005,861,897 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_2.jpg
[2012/05/25 12:18:32 | 004,487,876 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_1.jpg
[2012/05/25 12:13:03 | 000,114,206 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_3RESIZE2.jpg
[2012/05/25 12:10:12 | 000,318,386 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NIKKI_3RESIZE.jpg
[2012/05/22 09:28:39 | 000,081,653 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tumblr_m45gp4lqtf1qa09cwo1_500.png
[2012/05/18 23:20:23 | 000,054,552 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\0910_Yearbook.jpg
[2012/05/10 01:09:41 | 002,104,961 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_3.jpg
[2012/05/10 01:09:21 | 004,134,548 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_10.jpg
[2012/05/05 10:00:22 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/05/05 10:00:22 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
[2012/04/14 12:07:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\asr32312.dll
[2012/04/14 12:04:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2012/03/31 20:33:17 | 000,048,256 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/03/11 21:34:52 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EWF545.ini
[2011/09/30 03:13:14 | 000,000,084 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2011/06/30 21:19:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{75D4457B-F2AE-45AC-87EE-22C2E13D00E1}
[2011/01/16 16:37:37 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/10 08:41:41 | 000,000,572 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/12/08 20:32:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/12/07 21:39:02 | 000,031,294 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/12/01 21:50:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/25 22:57:11 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/11/25 22:34:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/25 22:29:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/25 16:14:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/25 16:13:04 | 003,536,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/04/27 07:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dvdfab
[2012/03/11 22:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/05/05 11:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/02/23 08:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/30 18:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2012/05/05 10:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/05/13 15:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2012/03/12 09:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leader Technologies
[2012/03/11 21:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/06/09 14:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Learn2.com
[2010/12/23 16:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Local
[2011/01/25 18:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MPEG Streamclip
[2012/06/02 11:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2011/01/19 13:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
[2012/04/27 02:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinZip
[2012/05/31 17:21:16 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2004/08/12 08:57:20 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004/08/12 08:57:20 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: USERINIT.EXE >
[2004/08/12 09:08:07 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/12 09:08:07 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/12 09:09:30 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/12 09:09:30 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe

< %systemroot%\*. /mp /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB18763$] -> Error: Cannot create file handle -> Unknown point type

< End of report >





EXTRAS.TXT


OTL Extras logfile created on: 6/3/2012 11:44:48 AM - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 291.21 Mb Available Physical Memory | 57.10% Memory free
1.22 Gb Paging File | 1.02 Gb Available in Paging File | 83.46% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.56 Gb Total Space | 16.63 Gb Free Space | 49.56% Space Free | Partition Type: NTFS
Drive D: | 698.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ALL-BA2E8B9613A | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAC369E4-EEFD-98D7-058C-D3A625CD6825}" = eKnowledge
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"6th" = Algebra 2 6.0
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.app.eKnowledge.37BB4A51AA57BBBCCE9D5AE66A70970990347557.1" = eKnowledge
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 545 Series" = EPSON WorkForce 545 Series Printer Uninstall
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"Learn To Speak Spanish 8.1" = Learn To Speak Spanish 8.1
"LTCM Client" = LTCM Client
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"mIRC" = mIRC
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"Progressive Reader_is1" = Progressive Reader
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Shockwave" = Shockwave

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/15/2012 11:37:23 PM | Computer Name = ALL-BA2E8B9613A | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.4030.0, faulting module
winword.exe, version 10.0.4030.0, fault address 0x00004c4f.

Error - 5/18/2012 11:20:23 PM | Computer Name = ALL-BA2E8B9613A | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/23/2012 8:31:00 AM | Computer Name = ALL-BA2E8B9613A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 12.0.0.4493, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/23/2012 5:01:08 PM | Computer Name = ALL-BA2E8B9613A | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.3698, fault address 0x0006c5da.

Error - 5/23/2012 5:01:29 PM | Computer Name = ALL-BA2E8B9613A | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.3698, fault address 0x0007240e.

Error - 5/23/2012 5:01:31 PM | Computer Name = ALL-BA2E8B9613A | Source = Application Error | ID = 1001
Description = Fault bucket 1904188042.

Error - 5/24/2012 5:53:08 PM | Computer Name = ALL-BA2E8B9613A | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/25/2012 12:57:56 PM | Computer Name = ALL-BA2E8B9613A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 12.0.0.4493, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/31/2012 7:47:15 PM | Computer Name = ALL-BA2E8B9613A | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/2/2012 10:43:06 AM | Computer Name = ALL-BA2E8B9613A | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/2/2012 11:54:38 AM | Computer Name = ALL-BA2E8B9613A | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/2/2012 2:28:04 PM | Computer Name = ALL-BA2E8B9613A | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 6/2/2012 2:28:04 PM | Computer Name = ALL-BA2E8B9613A | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/2/2012 2:28:04 PM | Computer Name = ALL-BA2E8B9613A | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/2/2012 2:28:04 PM | Computer Name = ALL-BA2E8B9613A | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/2/2012 2:28:04 PM | Computer Name = ALL-BA2E8B9613A | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/2/2012 2:28:04 PM | Computer Name = ALL-BA2E8B9613A | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/2/2012 2:28:04 PM | Computer Name = ALL-BA2E8B9613A | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/2/2012 2:28:04 PM | Computer Name = ALL-BA2E8B9613A | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/2/2012 2:28:09 PM | Computer Name = ALL-BA2E8B9613A | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >
 
You're having a lot of hanging applications, either having a problem starting up or shutting down. But I don't see a common cause. In addition to the redirects, is the system crashing and giving you blue screens?
-------------------------------------------
Please go ahead and run the following:
  • Run OTL
  • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

    Code:
    :OTL
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{10c3d7f5-03de-11e1-9c1b-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{10c3d7f5-03de-11e1-9c1b-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{4bfb43a4-a68a-11e1-9d22-001111c31e40}\Shell\AutoRun\command - "" = I:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{4bfb43a4-a68a-11e1-9d22-001111c31e40}\Shell\open\command - "" = I:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{51542048-5697-11e1-9c73-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{51542048-5697-11e1-9c73-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{5e71d40b-2185-11e0-99e0-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{5e71d40b-2185-11e0-99e0-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{aba3eb68-5c31-11e1-9c7f-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{aba3eb68-5c31-11e1-9c7f-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{dca77820-527c-11e0-9a2c-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{dca77820-527c-11e0-9a2c-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2012/05/31 17:21:16 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
    [2011/01/19 13:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [emptyjava]
    [resethosts]
    [CreateRestorePoint]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-----------------------------------

When you have finished with the OTL Fix, please run the following in Normal Mode:

Update and rescan with Malwarebytes. Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.
When scan has finished, you will see this image:
scan-finished.jpg

  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
===================================================
Let me know how the system is doing after you run the 2 above scans. Leave the new logs in your next reply.
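
A way to triage the O33 and O7 lines that appear in this thread's logs, as an added example (not part of the original posts and not OTL's own code): it groups MountPoints2 autorun commands by target path, flags any path cached under more than one volume GUID, and decodes the NoDriveTypeAutoRun bitmask. The function names, the two-volume threshold and the last sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# NoDriveTypeAutoRun is a bitmask; a set bit disables AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root dir",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}

SAMPLE_LINES = [
    # Copied from the logs and fix script in this thread.
    r'O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1',
    r'O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145',
    r'O33 - MountPoints2\{10c3d7f5-03de-11e1-9c1b-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe',
    r'O33 - MountPoints2\{10c3d7f5-03de-11e1-9c1b-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe',
    r'O33 - MountPoints2\{4bfb43a4-a68a-11e1-9d22-001111c31e40}\Shell\AutoRun\command - "" = I:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe',
    r'O33 - MountPoints2\{4bfb43a4-a68a-11e1-9d22-001111c31e40}\Shell\open\command - "" = I:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe',
    # Constructed for contrast: a handler cached for a single volume only.
    r'O33 - MountPoints2\{00000000-0000-0000-0000-000000000001}\Shell\AutoRun\command - "" = E:\setup.exe',
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)

O33_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[^}]+\})\\Shell\\([^\\]+)\\command - "" = (.+)$',
    re.MULTILINE,
)


def parse_mountpoints(log):
    """Return (volume_guid, shell_verb, target) for every O33 command line."""
    return [(m.group(1), m.group(2), m.group(3).strip()) for m in O33_RE.finditer(log)]


def shared_autorun_targets(log, min_volumes=2):
    """Map each target path (drive letter removed) to the volume GUIDs caching it.

    Only paths cached under at least min_volumes distinct volumes are returned:
    the same executable path registered for several different devices is the
    pattern worth a closer look. The threshold is an assumption of this example.
    """
    volumes = defaultdict(set)
    for guid, _verb, target in parse_mountpoints(log):
        key = re.sub(r'^[A-Za-z]:', '', target).lower()
        volumes[key].add(guid.lower())
    return {path: sorted(guids) for path, guids in volumes.items()
            if len(guids) >= min_volumes}


def autorun_disabled_types(value):
    """Decode a NoDriveTypeAutoRun value into the drive types it disables."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if value & bit]


def removable_autorun_blocked(log):
    """True/False if the log carries a NoDriveTypeAutoRun value, None if absent."""
    m = re.search(r'NoDriveTypeAutoRun = (\d+)', log)
    if m is None:
        return None
    return bool(int(m.group(1)) & 0x04)


if __name__ == "__main__":
    for path, guids in shared_autorun_targets(SAMPLE_LOG).items():
        print(f"{path} cached for {len(guids)} volumes: {', '.join(guids)}")
    print("AutoRun disabled for:", autorun_disabled_types(145))
    print("Removable drives blocked:", removable_autorun_blocked(SAMPLE_LOG))
```

For the value 145 (0x91) reported on the O7 line, the removable-drive bit 0x04 is clear, so that policy value does not cover removable media.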
 
Windows Explorer does occasionally crash and the computer freezes up and takes a while to shut down. The MBAM log did not show any malicious threats detected. Also, I'm extremely grateful that you're helping me! Thanks so much!

OTL Quick Scan Log

OTL logfile created on: 6/4/2012 2:30:24 PM - Run 2
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 156.86 Mb Available Physical Memory | 30.76% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 68.68% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.56 Gb Total Space | 22.14 Gb Free Space | 65.96% Space Free | Partition Type: NTFS
Drive D: | 698.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ALL-BA2E8B9613A | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TATIHWA.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\LTCM Client\ltcmScheduler.exe (Leader Technologies Inc.)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - c:\Program Files\Common Files\Akamai\netsession_win_80c2ffa.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (Messenger) -- C:\WINDOWS\system32\msgsvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\WINDOWS\system32\mprdim.dll (Microsoft Corporation)
SRV - (ClipSrv) -- C:\WINDOWS\system32\clipsrv.exe (Microsoft Corporation)
SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (Pcmcia) -- C:\WINDOWS\System32\drivers\pcmcia.sys (Microsoft Corporation)
DRV - (Fastfat) -- C:\WINDOWS\System32\drivers\fastfat.sys (Microsoft Corporation)
DRV - (dmio) -- C:\WINDOWS\system32\drivers\dmio.sys (Microsoft Corp., Veritas Software)
DRV - (dmload) -- C:\WINDOWS\system32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)
DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation)
DRV - (ACPIEC) -- C:\WINDOWS\System32\drivers\acpiec.sys (Microsoft Corporation)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS409
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.studentscholarships.org/scholarship.php"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/02 11:03:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/20 13:53:06 | 000,000,000 | ---D | M]

[2010/12/08 20:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/05/02 16:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k0ruarmh.default\extensions
[2012/06/02 11:03:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 20:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/17 17:29:27 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/17 17:29:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/07/18 12:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\nptgeqplugin.dll
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/04 14:23:37 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start File not found
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHWA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ltcmScheduler] C:\Program Files\LTCM Client\ltcmScheduler.exe (Leader Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD923E72-72BA-43D8-ABAE-9590290DEB1F}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/25 22:32:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/29 11:29:21 | 000,000,027 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/04 14:17:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/03 11:40:29 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2012/06/03 11:40:22 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/06/02 14:52:54 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/06/02 13:12:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2012/06/02 11:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/02 11:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2012/05/30 22:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/05/30 22:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/05/30 21:47:19 | 000,000,000 | -HSD | C] -- C:\WINDOWS\assembly
[2012/05/29 10:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Copy-Cat Recipes
[2012/05/13 15:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\EPSON

========== Files - Modified Within 30 Days ==========

[2012/06/04 14:26:31 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/04 14:26:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/04 14:23:37 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/06/04 13:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/04 13:44:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/04 12:12:14 | 000,069,751 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\image001.jpg
[2012/06/03 11:40:30 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2012/06/03 11:40:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/06/02 14:42:21 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/02 12:27:02 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/06/02 11:03:13 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/02 11:03:13 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/06/02 09:50:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/01 23:28:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/30 14:26:47 | 000,031,294 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2012/05/25 12:14:35 | 000,114,206 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Nikki_3RESIZE2.jpg
[2012/05/25 12:10:14 | 000,318,386 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NIKKI_3RESIZE.jpg
[2012/05/22 09:28:40 | 000,081,653 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tumblr_m45gp4lqtf1qa09cwo1_500.png
[2012/05/18 23:20:23 | 000,054,552 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\0910_Yearbook.jpg
[2012/05/05 14:58:50 | 003,536,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/06/04 12:12:13 | 000,069,751 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\image001.jpg
[2012/06/02 11:03:13 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/02 11:03:13 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/02 11:03:13 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/06/02 09:50:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/30 22:02:04 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/25 12:18:45 | 003,384,777 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_11.jpg
[2012/05/25 12:18:41 | 002,733,950 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_6.jpg
[2012/05/25 12:18:41 | 002,222,739 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_7.jpg
[2012/05/25 12:18:41 | 001,224,192 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_5.jpg
[2012/05/25 12:18:41 | 001,208,842 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_4_BW.jpg
[2012/05/25 12:18:41 | 001,070,764 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_8.jpg
[2012/05/25 12:18:41 | 000,981,739 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_5_BW.jpg
[2012/05/25 12:18:41 | 000,186,369 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_9.jpg
[2012/05/25 12:18:41 | 000,172,636 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_9_BW.jpg
[2012/05/25 12:18:40 | 001,289,354 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_4.jpg
[2012/05/25 12:18:32 | 005,861,897 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_2.jpg
[2012/05/25 12:18:32 | 004,487,876 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_1.jpg
[2012/05/25 12:13:03 | 000,114,206 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_3RESIZE2.jpg
[2012/05/25 12:10:12 | 000,318,386 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NIKKI_3RESIZE.jpg
[2012/05/22 09:28:39 | 000,081,653 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tumblr_m45gp4lqtf1qa09cwo1_500.png
[2012/05/18 23:20:23 | 000,054,552 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\0910_Yearbook.jpg
[2012/05/10 01:09:41 | 002,104,961 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_3.jpg
[2012/05/10 01:09:21 | 004,134,548 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_10.jpg
[2012/04/14 12:07:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\asr32312.dll
[2012/04/14 12:04:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2012/03/31 20:33:17 | 000,048,256 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/03/11 21:34:52 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EWF545.ini
[2011/09/30 03:13:14 | 000,000,084 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2011/06/30 21:19:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{75D4457B-F2AE-45AC-87EE-22C2E13D00E1}
[2011/01/16 16:37:37 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/10 08:41:41 | 000,000,572 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/12/08 20:32:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/12/07 21:39:02 | 000,031,294 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/12/01 21:50:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/25 22:57:11 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/11/25 22:34:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/25 22:29:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/25 16:14:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/25 16:13:04 | 003,536,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/04/27 07:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dvdfab
[2012/03/11 22:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/05/05 11:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/02/23 08:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/30 18:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2012/05/05 10:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/05/13 15:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2012/03/12 09:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leader Technologies
[2012/03/11 21:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/06/09 14:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Learn2.com
[2010/12/23 16:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Local
[2011/01/25 18:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MPEG Streamclip
[2012/06/02 11:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2012/04/27 02:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinZip

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB18763$] -> Error: Cannot create file handle -> Unknown point type

< End of report >




MBAM FULL SCAN

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.02.03

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Owner :: ALL-BA2E8B9613A [administrator]

6/4/2012 2:43:14 PM
mbam-log-2012-06-04 (14-43-14).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238890
Time elapsed: 48 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
I'm glad to help. Hopefully we can get you running smoothly.

Nikki, please check the following:

Unexplained Windows Explorer crashes can occur when hidden files and folders are not hidden:

Click on the Control Panel> Folder Options> View tab> Make sure the following are checked:
Hidden files and folders section:
1. Check> Do not show hidden files and folders
2. Check> Hide protected operating system files. (Recommended.)

If you had to make any changes, when through, click on Apply> OK
Close Folder Options.
If you had to make changes, see if this prevents the Explorer crashes.
=================================================
If you have another Windows Explorer crash, note the time on the computer clock and remember what you were trying to do at the time of the crash. Give me the information for both.
===============================================
There are 2 missing files that could be causing or contributing to the crashes. I can replace them if we can find them:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

For 64bit: http://jpshortstuff.247fixes.com/SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    hidserv.*
    appmgmts.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
=============================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

Please leave logs for SystemLook and the Eset scan in your next reply.
 
ESET Online Scanner did not find any infected files.



SystemLook Log:

SystemLook 30.07.11 by jpshortstuff
Log created at 11:50 on 05/06/2012 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "hidserv.*"
C:\WINDOWS\inf\hidserv.inf --a---- 4433 bytes [13:57 12/08/2004] [13:57 12/08/2004] 5C5A804D06B394EF246DE2D04B193C5F
C:\WINDOWS\inf\hidserv.PNF --a---- 12720 bytes [21:14 25/11/2010] [21:14 25/11/2010] F79FD072CC496A3F191FC3660C9C0FED
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\hidserv.dll --a---- 21504 bytes [00:11 14/04/2008] [00:11 14/04/2008] DEB04DA35CC871B6D309B77E1443C796
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ic\hidserv.inf --a---- 4433 bytes [16:28 13/04/2008] [16:28 13/04/2008] 891A5A1F3BDB9E893DD2B00176E37099

Searching for "appmgmts.*"
No files found.

-= EOF =-
 
Have there been any changes in the system? Do you have the CD for the operating system?
 