Solved Multiple csrss.exe running

darsh · Apr 13, 2011

I went through the 8 steps that you guys provided and am still having troubles with my computer saying that one of the csrss.exe files cannot be located, which is limiting my usage of my computer, or so I think. Below are the requested logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6346

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

4/12/2011 4:50:32 PM
mbam-log-2011-04-12 (16-50-32).txt

Scan type: Quick scan
Objects scanned: 1372
Time elapsed: 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\6to4v32.dll (Backdoor.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent.Gen) -> Bad: (C:\DOCUME~1\me\LOCALS~1\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\6to4v32.dll (Backdoor.Agent) -> Delete on reboot.
c:\Documents and Settings\me\Local Settings\Temp\csrss.exe (Trojan.Agent.Gen) -> Delete on reboot.

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-13 13:03:59
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD080HJ/P rev.ZH100-51
Running: 0ibsqt44.exe; Driver: C:\DOCUME~1\me\LOCALS~1\Temp\awrcyfod.sys

---- System - GMER 1.0.15 ----

SSDT BA7BBE8E ZwCreateKey
SSDT BA7BBE84 ZwCreateThread
SSDT BA7BBE93 ZwDeleteKey
SSDT BA7BBE9D ZwDeleteValueKey
SSDT BA7BBEA2 ZwLoadKey
SSDT BA7BBE70 ZwOpenProcess
SSDT BA7BBE75 ZwOpenThread
SSDT BA7BBEAC ZwReplaceKey
SSDT BA7BBEA7 ZwRestoreKey
SSDT BA7BBE98 ZwSetValueKey

---- User code sections - GMER 1.0.15 ----

? C:\DOCUME~1\me\LOCALS~1\Temp\csrss.exe[1992] number of sections mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dllunknown module: RASAPI32.dllunknown module: WINHTTP.dll
.tls C:\DOCUME~1\me\LOCALS~1\Temp\csrss.exe[1992] C:\DOCUME~1\me\LOCALS~1\Temp\csrss.exe unknown last section [0x0042C000, 0x3D000, 0x40000040]
.text C:\WINDOWS\SMINST\Scheduler.exe[3328] USER32.dll!GetSysColor 77D48E50 5 Bytes JMP 00419330 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3328] USER32.dll!GetSysColorBrush 77D48E83 5 Bytes JMP 004193A0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3328] USER32.dll!SetScrollInfo 77D4902C 7 Bytes JMP 00419220 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3328] USER32.dll!GetScrollPos 77D4F66F 5 Bytes JMP 004191B0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3328] USER32.dll!SetScrollRange 77D4F6BB 5 Bytes JMP 004192A0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3328] USER32.dll!SetScrollPos 77D4F780 5 Bytes JMP 00419260 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3328] USER32.dll!GetScrollRange 77D4F7B7 5 Bytes JMP 004191E0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3328] USER32.dll!ShowScrollBar 77D50142 5 Bytes JMP 004192F0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3328] USER32.dll!GetScrollInfo 77D53A2F 7 Bytes JMP 00419170 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3328] USER32.dll!EnableScrollBar 77D97BAD 7 Bytes JMP 00419130 C:\WINDOWS\SMINST\Scheduler.exe

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Administrator\My Documents\Downloads\Logic Studio 9\Logic Pro 9 Patches\WaveBurner_1.6 Intel noSN Patch.app\LogicStudio_noSN Installer Patch.app\Contents\Resources\Patch1\Data\Contents\Plugins\AELicensingPlugin.bundle\Contents\MacOS\AELicensingPlugin 16128 bytes
File C:\Documents and Settings\Administrator\My Documents\Downloads\Logic Studio 9\Logic Pro 9 Patches\WaveBurner_1.6 Intel noSN Patch.app\LogicStudio_noSN Installer Patch.app\Contents\Resources\Patch1\Data\Contents\Plugins\AELicensingPlugin.bundle\Contents\Resources\French.lproj 0 bytes
File C:\Documents and Settings\Administrator\My Documents\Downloads\Logic Studio 9\Logic Pro 9 Patches\WaveBurner_1.6 Intel noSN Patch.app\LogicStudio_noSN Installer Patch.app\Contents\Resources\Patch1\Data\Contents\Plugins\AELicensingPlugin.bundle\Contents\Resources\French.lproj\LicensePlugin.nib 0 bytes
File C:\Documents and Settings\Administrator\My Documents\Downloads\Logic Studio 9\Logic Pro 9 Patches\WaveBurner_1.6 Intel noSN Patch.app\LogicStudio_noSN Installer Patch.app\Contents\Resources\Patch1\Data\Contents\Plugins\AELicensingPlugin.bundle\Contents\Resources\French.lproj\LicensePlugin.nib\keyedobjects.nib 14846 bytes
File C:\Documents and Settings\Administrator\My Documents\Downloads\Logic Studio 9\Logic Pro 9 Patches\WaveBurner_1.6 Intel noSN Patch.app\LogicStudio_noSN Installer Patch.app\Contents\Resources\Patch1\Data\Contents\Plugins\AELicensingPlugin.bundle\Contents\Resources\German.lproj 0 bytes
File C:\Documents and Settings\Administrator\My Documents\Downloads\Logic Studio 9\Logic Pro 9 Patches\WaveBurner_1.6 Intel noSN Patch.app\LogicStudio_noSN Installer Patch.app\Contents\Resources\Patch1\Data\Contents\Plugins\AELicensingPlugin.bundle\Contents\Resources\German.lproj\Localizable.strings 125 bytes
File C:\Documents and Settings\Administrator\My Documents\Downloads\Logic Studio 9\Logic Pro 9 Patches\WaveBurner_1.6 Intel noSN Patch.app\LogicStudio_noSN Installer Patch.app\Contents\Resources\Patch1\Data\Contents\Plugins\AELicensingPlugin.bundle\Contents\Resources\Japanese.lproj 0 bytes
File C:\Documents and Settings\Administrator\My Documents\Downloads\Logic Studio 9\Logic Pro 9 Patches\WaveBurner_1.6 Intel noSN Patch.app\LogicStudio_noSN Installer Patch.app\Contents\Resources\Patch1\Data\Contents\Plugins\AELicensingPlugin.bundle\Contents\Resources\Japanese.lproj\LicensePlugin.nib 0 bytes
File C:\Documents and Settings\Administrator\My Documents\Downloads\Logic Studio 9\Logic Pro 9 Patches\WaveBurner_1.6 Intel noSN Patch.app\LogicStudio_noSN Installer Patch.app\Contents\Resources\Patch1\Data\Contents\Plugins\AELicensingPlugin.bundle\Contents\Resources\Japanese.lproj\LicensePlugin.nib\keyedobjects.nib 15796 bytes
File C:\Documents and Settings\Administrator\My Documents\Downloads\Logic Studio 9\Logic Pro 9 Patches\WaveBurner_1.6 Intel noSN Patch.app\LogicStudio_noSN Installer Patch.app\Contents\Resources\Patch1\Data\Contents\Plugins\AELicensingPlugin.bundle\Contents\Resources\zh_CN.lproj 0 bytes
File C:\Documents and Settings\Administrator\My Documents\Downloads\Logic Studio 9\Logic Pro 9 Patches\WaveBurner_1.6 Intel noSN Patch.app\LogicStudio_noSN Installer Patch.app\Contents\Resources\Patch1\Data\Contents\Plugins\AELicensingPlugin.bundle\Contents\Resources\zh_CN.lproj\LicensePlugin.nib 0 bytes
File C:\Documents and Settings\Administrator\My Documents\Downloads\Logic Studio 9\Logic Pro 9 Patches\WaveBurner_1.6 Intel noSN Patch.app\LogicStudio_noSN Installer Patch.app\Contents\Resources\Patch1\Data\Contents\Plugins\AELicensingPlugin.bundle\Contents\Resources\zh_CN.lproj\LicensePlugin.nib\keyedobjects.nib 15626 bytes
File C:\Documents and Settings\Administrator\My Documents\Downloads\Logic Studio 9\Logic Pro 9 Patches\WaveBurner_1.6 Intel noSN Patch.app\LogicStudio_noSN Installer Patch.app\Contents\Resources\Patch1\Data\Contents\Plugins\AELicensingPlugin.bundle\Contents\_CodeSignature\CodeResources 187 bytes

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by me at 14:05:33.90 on Wed 04/13/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1476 [GMT -5:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\me\Application Data\dwm.exe
C:\Documents and Settings\me\Application Data\Microsoft\conhost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\me\My Documents\Downloads\dds(3).scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hp.com
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = http=127.0.0.1:58323
mWinlogon: Userinit=userinit.exe,
uWinlogon: Shell=explorer.exe,c:\documents and settings\me\application data\dwm.exe
uWindows: load=c:\docume~1\me\locals~1\temp\csrss.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: GamePlayLabsBHO Class: {984a9162-8891-4d19-8cfe-17648bb4e1ec} - c:\program files\browser plugin\BHO.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [conhost] c:\documents and settings\me\application data\microsoft\conhost.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\me\applic~1\mozilla\firefox\profiles\pvzyfs5o.default\
FF - prefs.js: browser.startup.homepage - hxxp://u.northwestern.edu/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58323
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-12 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-12 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-12 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-12 61960]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-6-20 540448]
S0 gxiwzd;gxiwzd;c:\windows\system32\drivers\rehufqgl.sys [2011-1-20 53888]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11010.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11010.sys [?]
.
=============== Created Last 30 ================
.
2011-04-13 18:07:59 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-04-13 18:07:59 215920 ----a-w- c:\windows\system32\muweb.dll
2011-04-13 18:07:59 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-04-13 17:03:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-13 17:03:52 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-13 17:03:52 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-04-13 17:03:51 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-04-13 17:03:51 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-13 17:03:51 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-13 17:03:51 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-04-13 17:03:51 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-04-12 22:00:36 -------- d-----w- c:\windows\system32\NtmsData
2011-04-12 21:59:13 -------- d-----w- c:\docume~1\me\applic~1\Avira
2011-04-12 21:57:56 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-12 21:57:55 -------- d-----w- c:\program files\Avira
2011-04-12 21:57:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-04-12 21:40:00 -------- d-----w- c:\docume~1\me\applic~1\Malwarebytes
2011-04-12 21:39:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-12 21:39:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-12 21:39:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-12 21:39:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-12 18:22:20 -------- d-----w- c:\docume~1\me\locals~1\applic~1\Adobe
2011-04-12 17:49:15 6200 ----a-w- c:\windows\system32\INT13EXT.VXD
2011-04-12 17:49:14 -------- d-----w- c:\program files\PC Inspector File Recovery
2011-04-12 15:25:45 180224 ----a-w- c:\docume~1\me\applic~1\dwm.exe
2011-04-12 15:22:35 -------- d-----w- c:\docume~1\me\locals~1\applic~1\Mozilla
2011-04-12 15:20:43 -------- d-----w- c:\docume~1\me\applic~1\Piiw
2011-04-12 15:20:42 -------- d-----w- c:\docume~1\me\applic~1\Ikruy
2011-04-12 15:18:42 -------- d-----w- c:\docume~1\me\applic~1\whitesmoketoolbar
2011-04-04 19:51:09 -------- d-----w- c:\program files\IrfanView
2011-03-16 19:14:38 -------- d-----w- c:\program files\iPod
2011-03-16 19:14:34 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2011-01-31 14:44:44 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-01-20 22:28:07 18297 ----a-w- c:\windows\system32\MAI374.tmp
.
============= FINISH: 14:06:00.68 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/10/2007 1:53:57 PM
System Uptime: 4/13/2011 1:33:23 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 0A60h
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | XU1 PROCESSOR | 3192/800mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | XU2 PROCESSOR | 3192/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 65 GiB total, 14.474 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.827 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Network Controller
Device ID: PCI\VEN_14E4&DEV_4329&SUBSYS_7D001385&REV_01\4&3721BFB3&0&48F0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_14E4&DEV_4329&SUBSYS_7D001385&REV_01\4&3721BFB3&0&48F0
Service:
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&DE53A73&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&DE53A73&0
Service: i8042prt
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&DE53A73&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&DE53A73&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP1: 1/21/2011 9:37:53 PM - System Checkpoint
RP2: 1/26/2011 6:00:47 PM - System Checkpoint
RP3: 1/27/2011 9:48:27 PM - System Checkpoint
RP4: 1/28/2011 10:29:02 PM - System Checkpoint
RP5: 1/29/2011 11:29:02 PM - System Checkpoint
RP6: 1/30/2011 11:55:57 PM - System Checkpoint
RP7: 2/1/2011 3:00:06 PM - System Checkpoint
RP8: 2/3/2011 11:37:12 AM - System Checkpoint
RP9: 2/6/2011 1:03:46 PM - System Checkpoint
RP10: 2/7/2011 2:00:48 PM - System Checkpoint
RP11: 2/8/2011 3:00:48 PM - System Checkpoint
RP12: 2/9/2011 4:00:48 PM - System Checkpoint
RP13: 2/10/2011 5:01:54 PM - System Checkpoint
RP14: 2/11/2011 6:00:48 PM - System Checkpoint
RP15: 2/12/2011 8:14:48 PM - System Checkpoint
RP16: 2/13/2011 9:00:48 PM - System Checkpoint
RP17: 2/14/2011 10:00:48 PM - System Checkpoint
RP18: 2/15/2011 11:00:48 PM - System Checkpoint
RP19: 2/17/2011 9:36:51 AM - System Checkpoint
RP20: 2/18/2011 10:00:50 AM - System Checkpoint
RP21: 2/19/2011 4:18:52 PM - System Checkpoint
RP22: 2/21/2011 2:59:50 AM - System Checkpoint
RP23: 2/23/2011 1:57:11 AM - System Checkpoint
RP24: 2/23/2011 3:00:14 AM - Software Distribution Service 3.0
RP25: 2/24/2011 3:22:27 AM - System Checkpoint
RP26: 2/25/2011 3:53:29 AM - System Checkpoint
RP27: 2/26/2011 4:53:29 AM - System Checkpoint
RP28: 2/27/2011 6:29:29 AM - System Checkpoint
RP29: 2/28/2011 6:53:29 AM - System Checkpoint
RP30: 3/1/2011 7:53:30 AM - System Checkpoint
RP31: 3/2/2011 7:53:35 AM - System Checkpoint
RP32: 3/3/2011 8:53:35 AM - System Checkpoint
RP33: 3/4/2011 8:09:52 PM - System Checkpoint
RP34: 3/5/2011 8:21:46 PM - System Checkpoint
RP35: 3/6/2011 8:52:23 PM - System Checkpoint
RP36: 3/7/2011 8:53:35 PM - System Checkpoint
RP37: 3/8/2011 9:53:35 PM - System Checkpoint
RP38: 3/10/2011 1:01:21 AM - System Checkpoint
RP39: 3/10/2011 3:00:14 AM - Software Distribution Service 3.0
RP40: 3/11/2011 3:53:35 AM - System Checkpoint
RP41: 3/12/2011 3:53:45 AM - System Checkpoint
RP42: 3/13/2011 5:53:45 AM - System Checkpoint
RP43: 3/14/2011 6:52:28 AM - System Checkpoint
RP44: 3/15/2011 6:53:45 AM - System Checkpoint
RP45: 3/16/2011 2:08:30 PM - Removed Apple Application Support
RP46: 3/16/2011 2:09:43 PM - Removed Apple Mobile Device Support
RP47: 3/17/2011 3:20:41 PM - System Checkpoint
RP48: 3/18/2011 4:06:12 PM - System Checkpoint
RP49: 3/19/2011 5:06:11 PM - System Checkpoint
RP50: 3/20/2011 6:06:11 PM - System Checkpoint
RP51: 3/21/2011 7:06:11 PM - System Checkpoint
RP52: 3/22/2011 8:06:11 PM - System Checkpoint
RP53: 3/23/2011 9:06:11 PM - System Checkpoint
RP54: 3/24/2011 10:06:11 PM - System Checkpoint
RP55: 3/25/2011 11:06:11 PM - System Checkpoint
RP56: 3/27/2011 12:04:16 AM - System Checkpoint
RP57: 3/27/2011 5:56:24 PM - Software Distribution Service 3.0
RP58: 3/29/2011 6:06:16 PM - System Checkpoint
RP59: 3/30/2011 9:56:56 PM - System Checkpoint
RP60: 3/31/2011 10:56:01 PM - System Checkpoint
RP61: 4/1/2011 11:56:01 PM - System Checkpoint
RP62: 4/3/2011 2:38:29 AM - System Checkpoint
RP63: 4/4/2011 2:56:01 AM - System Checkpoint
RP64: 4/6/2011 11:59:54 AM - System Checkpoint
RP65: 4/7/2011 12:52:28 PM - System Checkpoint
RP66: 4/8/2011 1:52:28 PM - System Checkpoint
RP67: 4/9/2011 6:32:57 PM - System Checkpoint
RP68: 4/10/2011 7:29:20 PM - System Checkpoint
RP69: 4/12/2011 12:49:14 PM - Installed PC Inspector File Recovery
RP70: 4/12/2011 4:57:55 PM - Avira AntiVir Personal - 4/12/2011 16:57
.
==== Installed Programs ======================
.
.
µTorrent
2007 Microsoft Office system
7-Zip 4.57
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
Broadcom Management Programs
Broadcom TPM Driver Installer
Business Contact Manager for Outlook 2007
Convert AVI to MP4 1.3
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB895246)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB923232)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Backup and Recovery Manager
HP Help and Support
HpSdpAppCoreApp
iMPEG Converter 3.8
Intel(R) Graphics Media Accelerator Driver
InterVideo Register Manager
InterVideo WinDVD
IrfanView (remove only)
iTunes
IZArc 4.1.2
J2SE Runtime Environment 5.0 Update 6
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0 (x86 en-US)
MSXML 6 Service Pack 2 (KB973686)
PC Inspector File Recovery
PDF Complete
PowerISO
Programmer's Notepad 2
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Secret Crush Revealer
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Skype Toolbars
Skype™ 5.0
SSH Secure Shell
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office System 2007 Setup (KB929722)
Update for Windows XP (KB898461)
Update for Windows XP (KB911164)
Update for Windows XP (KB925720)
Update for Windows XP (KB931836)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.0.1
Warcraft III
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB815304
Windows XP Hotfix - KB885222
Windows XP Hotfix - KB886199
Windows XP Hotfix - KB889673
.
==== Event Viewer Messages From Past Week ========
.
4/8/2011 5:39:13 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer JACK-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{30AC4706-B8C4-4EC9-A. The master browser is stopping or an election is being forced.
4/13/2011 12:09:30 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
4/12/2011 9:48:48 AM, error: Service Control Manager [7034] - The SQL Server (MSSMLBIZ) service terminated unexpectedly. It has done this 1 time(s).
4/12/2011 9:41:03 AM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
4/12/2011 9:41:03 AM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
4/12/2011 9:41:03 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
4/12/2011 9:41:03 AM, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
4/12/2011 9:41:03 AM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
4/12/2011 9:41:03 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/12/2011 4:57:17 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
4/12/2011 4:57:17 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\me\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
4/12/2011 4:57:17 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
4/12/2011 4:53:59 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
4/12/2011 4:53:58 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 897e9da0, parameter3 897e9f14, parameter4 805d1658.
4/12/2011 4:51:39 PM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).
4/12/2011 4:51:39 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
4/12/2011 10:21:52 AM, error: Service Control Manager [7034] - The PC Angel service terminated unexpectedly. It has done this 1 time(s).
4/12/2011 10:21:52 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl
4/12/2011 10:21:52 AM, error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The system cannot find the file specified.
4/12/2011 1:40:36 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

Broni · Apr 13, 2011

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running tools or applying updates other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

I can see what's happening. Let's see, if we can fix it.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

darsh · Apr 15, 2011

Hey, thank you for your advice but for some reason all of a sudden my computer is unable to connect to the internet, because Firefox is stating that the proxy server is refusing connection to the network. I could download these programs that you mentioned before from another computer and transfer them via flash drive, so let me know if that would work or if there is another way to fix this new problem. thanks.

Broni · Apr 15, 2011

Yes, you can use good computer to get those programs.

darsh · Apr 15, 2011

Okay, here are the requested reports:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 120):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E3000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EEC000 fltMgr.sys
0xB9EDA000 sr.sys
0xB9EC3000 KSecDD.sys
0xB9E36000 Ntfs.sys
0xB9E09000 NDIS.sys
0xB9DEE000 Mup.sys
0xB9C9A000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB9C86000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA368000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9C63000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA370000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB9C3E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB9C14000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xBA378000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA380000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB9C00000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA128000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA55C000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA398000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA138000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA148000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA158000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9BDD000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA168000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA56C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA687000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA178000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA574000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9BC6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA188000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA198000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9B8D000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9B5C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5BA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xBA598000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA1D8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA1F8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5C4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA9552000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA9530000 \SystemRoot\system32\drivers\portcls.sys
0xBA208000 \SystemRoot\system32\drivers\drmk.sys
0xBA5CC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6D7000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5D0000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA228000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA428000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA430000 \SystemRoot\System32\drivers\vga.sys
0xBA5D4000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5D8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA440000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA450000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA568000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA94D5000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA947D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA9455000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA9434000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA238000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA9412000 \SystemRoot\System32\drivers\afd.sys
0xBA248000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA468000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xBA268000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xA9396000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA92FF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA278000 \SystemRoot\System32\Drivers\Fips.SYS
0xA92D9000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA5E0000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xBA490000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA558000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA298000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA9406000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA9402000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA2B8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA92C1000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5E6000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA93DA000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA388000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7CA000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF022000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF049000 \SystemRoot\System32\igxpdv32.DLL
0xBF186000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA916C000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA9189000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8F0F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA8E32000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9279000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8904000 \SystemRoot\system32\DRIVERS\srv.sys
0xA839D000 \SystemRoot\System32\Drivers\HTTP.sys
0xA8209000 \SystemRoot\system32\drivers\kmixer.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA81E6000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 38):
0 System Idle Process
4 System
692 C:\WINDOWS\system32\smss.exe
744 csrss.exe
768 C:\WINDOWS\system32\winlogon.exe
812 C:\WINDOWS\system32\services.exe
824 C:\WINDOWS\system32\lsass.exe
1004 C:\WINDOWS\system32\svchost.exe
1100 svchost.exe
1216 C:\WINDOWS\system32\svchost.exe
1308 svchost.exe
1352 svchost.exe
1584 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1692 svchost.exe

darsh · Apr 15, 2011

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Service_6to4
-------\Service_gxiwzd
.
.
((((((((((((((((((((((((( Files Created from 2011-03-15 to 2011-04-15 )))))))))))))))))))))))))))))))
.
.
2011-04-14 08:03 . 2011-04-14 08:03 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-04-13 18:07 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-04-13 18:07 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-04-13 17:03 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-13 17:03 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-13 17:03 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-04-13 17:03 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-13 17:03 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-13 17:03 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-04-13 17:03 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-13 17:03 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-12 22:00 . 2011-04-14 18:36 -------- d-----w- c:\windows\system32\NtmsData
2011-04-12 21:57 . 2011-03-04 21:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-12 21:57 . 2011-03-04 19:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-12 21:57 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-04-12 21:57 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-04-12 21:57 . 2011-04-12 21:57 -------- d-----w- c:\program files\Avira
2011-04-12 21:57 . 2011-04-12 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-04-12 21:39 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-12 21:39 . 2011-04-12 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-12 21:39 . 2011-04-12 21:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-12 21:39 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-12 17:49 . 2002-02-18 23:40 6200 ----a-w- c:\windows\system32\INT13EXT.VXD
2011-04-12 17:49 . 2011-04-12 17:49 -------- d-----w- c:\program files\PC Inspector File Recovery
2011-04-12 15:17 . 2011-04-12 22:03 -------- d-----w- c:\documents and settings\me
2011-04-04 19:51 . 2011-04-04 19:51 -------- d-----w- c:\program files\IrfanView
2011-03-16 19:14 . 2011-03-16 19:14 -------- d-----w- c:\program files\iPod
2011-03-16 19:14 . 2011-03-16 19:15 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-31 14:44 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-01-20 22:28 . 2011-01-20 22:28 18297 ----a-w- c:\windows\system32\MAI374.tmp
2011-03-18 17:53 . 2011-04-13 17:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
.
c:\windows\System32\spoolsv.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-04 16250880]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-04-13 331552]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-04-24 888832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-01-31 273544]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/12/2011 4:57 PM 135336]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [6/20/2007 12:37 AM 540448]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-319670913-3225394549-775371207-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-16 21:25]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-319670913-3225394549-775371207-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-16 21:25]
.
2011-04-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-319670913-3225394549-775371207-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 20:25]
.
2011-04-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-319670913-3225394549-775371207-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 20:25]
.
2011-04-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-319670913-3225394549-775371207-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 20:25]
.
2011-04-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-319670913-3225394549-775371207-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 20:25]
.
2011-02-01 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-11-17 04:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = http=127.0.0.1:58323
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\pvzyfs5o.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://u.northwestern.edu/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58323
FF - prefs.js: network.proxy.type - 1
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-conhost - c:\documents and settings\me\Application Data\Microsoft\conhost.exe
Notify-NavLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-15 11:44
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-04-15 11:46:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-15 16:46
.
Pre-Run: 11,802,099,712 bytes free
Post-Run: 16,151,347,200 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 823D9A0D30B41AC4D1CDA9769F379960

Broni · Apr 15, 2011

MBRCheck log is incomplete.
Please, repost it.

=====================================================

1. Please open Notepad

Click Start , then Run
Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:

FCopy::
c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe | c:\windows\System32\spoolsv.exe

File::
c:\windows\system32\MAI374.tmp

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:58323

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

darsh · Apr 15, 2011

ok here's the complete MBRCheck report and the new report as well:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 121):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E3000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EEC000 fltMgr.sys
0xB9EDA000 sr.sys
0xB9EC3000 KSecDD.sys
0xB9E36000 Ntfs.sys
0xB9E09000 NDIS.sys
0xB9DEE000 Mup.sys
0xB9C9A000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB9C86000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA368000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9C63000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA370000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB9C3E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB9C14000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xBA378000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA380000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB9C00000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA128000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA55C000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA398000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA138000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA148000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA158000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9BDD000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA168000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA56C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA744000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA178000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA574000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9BC6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA188000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA198000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9B8D000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9B5C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5B2000 \SystemRoot\system32\DRIVERS\swenum.sys
0xBA598000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA1D8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA1F8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5BC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA9552000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA9530000 \SystemRoot\system32\drivers\portcls.sys
0xBA208000 \SystemRoot\system32\drivers\drmk.sys
0xBA5C4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA78D000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5C8000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA428000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA430000 \SystemRoot\System32\drivers\vga.sys
0xBA5CC000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5D0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA440000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA450000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA568000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA94D5000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA947D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA9455000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA9434000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA228000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA9412000 \SystemRoot\System32\drivers\afd.sys
0xBA238000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA468000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xBA258000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xA9396000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA92FF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA268000 \SystemRoot\System32\Drivers\Fips.SYS
0xA92D9000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA490000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA5D8000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xA92B6000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBA4A8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA940E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA288000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA9406000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA9402000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA929E000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5E0000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA93E6000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA390000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA728000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF022000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF049000 \SystemRoot\System32\igxpdv32.DLL
0xBF186000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA9149000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA9145000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8EEC000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA8DE7000 \SystemRoot\system32\drivers\wdmaud.sys
0xA8F61000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8A77000 \SystemRoot\system32\DRIVERS\srv.sys
0xA8C30000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA8534000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA478000 \??\C:\ComboFix\catchme.sys
0xBA62A000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xA824E000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 37):
0 System Idle Process
4 System
692 C:\WINDOWS\system32\smss.exe
740 csrss.exe
764 C:\WINDOWS\system32\winlogon.exe
808 C:\WINDOWS\system32\services.exe
820 C:\WINDOWS\system32\lsass.exe
1008 C:\WINDOWS\system32\svchost.exe
1104 svchost.exe
1204 C:\WINDOWS\system32\svchost.exe
1312 svchost.exe
1448 svchost.exe
1620 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1700 svchost.exe
1932 C:\WINDOWS\system32\rundll32.exe
2032 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
132 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
232 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
340 C:\Program Files\Bonjour\mDNSResponder.exe
408 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
672 sqlservr.exe
1192 C:\Program Files\PDF Complete\pdfsvc.exe
440 C:\WINDOWS\system32\igfxtray.exe
504 C:\WINDOWS\system32\hkcmd.exe
380 C:\WINDOWS\system32\igfxpers.exe
128 C:\WINDOWS\RTHDCPL.exe
1028 C:\Program Files\PDF Complete\pdfsty.exe
1272 C:\WINDOWS\SMINST\Scheduler.exe
1088 C:\Program Files\iTunes\iTunesHelper.exe
1800 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3904 C:\Program Files\iPod\bin\iPodService.exe
4044 alg.exe
3016 C:\WINDOWS\explorer.exe
3176 C:\WINDOWS\system32\notepad.exe
2148 C:\WINDOWS\system32\notepad.exe
2916 C:\WINDOWS\system32\notepad.exe
2752 G:\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000010`2102cc00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD080HJ/P, Rev: ZH100-51

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 0C62942DB383379A3F323ED173858423662B0152

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

ComboFix 11-04-14.03 - me 04/15/2011 12:25:30.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1623 [GMT -5:00]
Running from: G:\ComboFix.exe
Command switches used :: G:\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\windows\system32\MAI374.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\MAI374.tmp
.
.
--------------- FCopy ---------------
.
c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe --> c:\windows\System32\spoolsv.exe
.
((((((((((((((((((((((((( Files Created from 2011-03-15 to 2011-04-15 )))))))))))))))))))))))))))))))
.
.
2011-04-15 17:25 . 2008-04-14 00:12 57856 ----a-w- c:\windows\system32\spoolsv.exe
2011-04-14 08:03 . 2011-04-14 08:03 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-04-13 18:07 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-04-13 18:07 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-04-13 17:03 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-13 17:03 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-13 17:03 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-04-13 17:03 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-13 17:03 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-13 17:03 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-04-13 17:03 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-13 17:03 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-12 22:00 . 2011-04-14 18:36 -------- d-----w- c:\windows\system32\NtmsData
2011-04-12 21:57 . 2011-03-04 21:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-12 21:57 . 2011-03-04 19:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-12 21:57 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-04-12 21:57 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-04-12 21:57 . 2011-04-12 21:57 -------- d-----w- c:\program files\Avira
2011-04-12 21:57 . 2011-04-12 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-04-12 21:39 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-12 21:39 . 2011-04-12 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-12 21:39 . 2011-04-12 21:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-12 21:39 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-12 17:49 . 2002-02-18 23:40 6200 ----a-w- c:\windows\system32\INT13EXT.VXD
2011-04-12 17:49 . 2011-04-12 17:49 -------- d-----w- c:\program files\PC Inspector File Recovery
2011-04-12 15:17 . 2011-04-12 22:03 -------- d-----w- c:\documents and settings\me
2011-04-04 19:51 . 2011-04-04 19:51 -------- d-----w- c:\program files\IrfanView
2011-03-16 19:14 . 2011-03-16 19:14 -------- d-----w- c:\program files\iPod
2011-03-16 19:14 . 2011-03-16 19:15 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-31 14:44 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-03-18 17:53 . 2011-04-13 17:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((( SnapShot@2011-04-15_16.43.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-04-25 17:43 . 2011-04-14 21:55 89630 c:\windows\system32\perfc009.dat
+ 2006-04-25 17:43 . 2011-04-15 16:47 89630 c:\windows\system32\perfc009.dat
+ 2006-04-25 17:43 . 2011-04-15 16:47 491066 c:\windows\system32\perfh009.dat
- 2006-04-25 17:43 . 2011-04-14 21:55 491066 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-04 16250880]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-04-13 331552]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-04-24 888832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-01-31 273544]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/12/2011 4:57 PM 135336]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [6/20/2007 12:37 AM 540448]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-319670913-3225394549-775371207-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-16 21:25]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-319670913-3225394549-775371207-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-16 21:25]
.
2011-04-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-319670913-3225394549-775371207-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 20:25]
.
2011-04-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-319670913-3225394549-775371207-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 20:25]
.
2011-04-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-319670913-3225394549-775371207-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 20:25]
.
2011-04-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-319670913-3225394549-775371207-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 20:25]
.
2011-02-01 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-11-17 04:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\pvzyfs5o.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://u.northwestern.edu/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58323
FF - prefs.js: network.proxy.type - 1
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-15 12:29
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
Completion time: 2011-04-15 12:30:16
ComboFix-quarantined-files.txt 2011-04-15 17:30
ComboFix2.txt 2011-04-15 16:46
.
Pre-Run: 16,147,943,424 bytes free
Post-Run: 16,130,981,888 bytes free
.
- - End Of File - - CDBC1B3559AB1A3247DA0CB1D928AF87

Broni · Apr 15, 2011

How is internet connection?

darsh · Apr 15, 2011

After restarting my computer, the same situation is occurring, where network connection says that I'm connected but firefox still says that the proxy server is refusing connections.

Broni · Apr 15, 2011

Please download MiniToolBox and run it.

Checkmark following boxes:

Report IE Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log

Click Go and post the result.

darsh · Apr 15, 2011

Sorry I pasted the wrong document. Here it is.

MiniToolBox by Farbar
Ran by me (administrator) at 2011-04-15 12:59:25
Microsoft Windows XP Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================

127.0.0.1 localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : JASONDREWS

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet

Physical Address. . . . . . . . . : 00-1B-78-3E-CF-04

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.49

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Friday, April 15, 2011 12:49:47 PM

Lease Expires . . . . . . . . . . : Saturday, April 16, 2011 12:49:47 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.16, 74.125.225.19, 74.125.225.18, 74.125.225.17
74.125.225.20

Pinging google.com [74.125.225.20] with 32 bytes of data:

Reply from 74.125.225.20: bytes=32 time=14ms TTL=55

Reply from 74.125.225.20: bytes=32 time=13ms TTL=55

Ping statistics for 74.125.225.20:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 13ms, Maximum = 14ms, Average = 13ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 69.147.125.65, 72.30.2.43, 98.137.149.56, 209.191.122.70
67.195.160.76

Pinging yahoo.com [67.195.160.76] with 32 bytes of data:

Reply from 67.195.160.76: bytes=32 time=38ms TTL=50

Reply from 67.195.160.76: bytes=32 time=54ms TTL=50

Ping statistics for 67.195.160.76:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 38ms, Maximum = 54ms, Average = 46ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1b 78 3e cf 04 ...... Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.49 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.49 192.168.1.49 20
192.168.1.0 255.255.255.0 192.168.1.49 192.168.1.49 20
192.168.1.49 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.49 192.168.1.49 20
224.0.0.0 240.0.0.0 192.168.1.49 192.168.1.49 20
255.255.255.255 255.255.255.255 192.168.1.49 192.168.1.49 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/12/2011 11:33:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1475516

Error: (04/12/2011 11:33:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1475516

Error: (04/12/2011 11:33:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2011 11:33:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1473563

Error: (04/12/2011 11:33:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1473563

Error: (04/12/2011 11:33:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2011 11:33:27 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1471610

Error: (04/12/2011 11:33:27 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1471610

Error: (04/12/2011 11:33:27 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2011 11:33:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1469657

System errors:
=============
Error: (04/15/2011 00:44:14 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error: (04/15/2011 11:44:32 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eeCtrl
i8042prt

Error: (04/15/2011 11:44:13 AM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%2

Error: (04/14/2011 04:53:08 PM) (Source: Service Control Manager) (User: )
Description: The SQL Server (MSSMLBIZ) service terminated unexpectedly. It has done this 1 time(s).

Error: (04/14/2011 04:53:07 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error: (04/14/2011 04:53:07 PM) (Source: Service Control Manager) (User: )
Description: The SQL Server (MSSMLBIZ) service hung on starting.

Error: (04/14/2011 04:52:01 PM) (Source: Service Control Manager) (User: )
Description: The Network Security service terminated with the following error:
%%126

Error: (04/14/2011 04:52:01 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%2

Error: (04/14/2011 04:48:50 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{30AC4706-B8C4-4EC9-A256-96A2F772FBD7}.
The backup browser is stopping.

Error: (04/14/2011 01:21:11 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eeCtrl

Microsoft Office Sessions:
=========================

========================= End of Event log errors =========================

Broni · Apr 15, 2011

Your connection is perfectly fine.
See, if you can browse with IE.

darsh · Apr 15, 2011

yes I can get internet access on IE. Thanks so much.

Broni · Apr 15, 2011

Well, we still have some work to do, as we don't want to leave your computer half-working.

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

darsh · Apr 15, 2011

OTL Extras logfile created on: 4/15/2011 1:27:19 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\me\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.52 Gb Total Space | 15.00 Gb Free Space | 23.26% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.83 Gb Free Space | 48.25% Space Free | Partition Type: NTFS

Computer Name: JASONDREWS | User Name: me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-319670913-3225394549-775371207-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22008
"6112:TCP" = 6112:TCP:*:Enabled:Warcraft III - The Frozen Throne

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Warcraft III\Frozen Throne.exe" = C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne -- (Blizzard Entertainment)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1" = Programmer's Notepad 2
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"7-Zip" = 7-Zip 4.57
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager for Outlook 2007" = Business Contact Manager for Outlook 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 1.99.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iMPEG Converter_is1" = iMPEG Converter 3.8
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"PDF Complete" = PDF Complete
"PowerISO" = PowerISO
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 12.0" = RealPlayer
"Secret Crush Revealer" = Secret Crush Revealer
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"Warcraft III" = Warcraft III
"WIC" = Windows Imaging Component

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/12/2011 12:33:25 PM | Computer Name = JASONDREWS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1469657

Error - 4/12/2011 12:33:27 PM | Computer Name = JASONDREWS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/12/2011 12:33:27 PM | Computer Name = JASONDREWS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1471610

Error - 4/12/2011 12:33:27 PM | Computer Name = JASONDREWS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1471610

Error - 4/12/2011 12:33:29 PM | Computer Name = JASONDREWS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/12/2011 12:33:29 PM | Computer Name = JASONDREWS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1473563

Error - 4/12/2011 12:33:29 PM | Computer Name = JASONDREWS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1473563

Error - 4/12/2011 12:33:31 PM | Computer Name = JASONDREWS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/12/2011 12:33:31 PM | Computer Name = JASONDREWS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1475516

Error - 4/12/2011 12:33:31 PM | Computer Name = JASONDREWS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1475516

[ System Events ]
Error - 4/14/2011 2:21:11 PM | Computer Name = JASONDREWS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error - 4/14/2011 5:48:50 PM | Computer Name = JASONDREWS | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{30AC4706-B8C4-4EC9-A256-96A2F772FBD7}. The
backup browser is stopping.

Error - 4/14/2011 5:52:01 PM | Computer Name = JASONDREWS | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%2

Error - 4/14/2011 5:52:01 PM | Computer Name = JASONDREWS | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 4/14/2011 5:53:07 PM | Computer Name = JASONDREWS | Source = Service Control Manager | ID = 7022
Description = The SQL Server (MSSMLBIZ) service hung on starting.

Error - 4/14/2011 5:53:07 PM | Computer Name = JASONDREWS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error - 4/14/2011 5:53:08 PM | Computer Name = JASONDREWS | Source = Service Control Manager | ID = 7034
Description = The SQL Server (MSSMLBIZ) service terminated unexpectedly. It has
done this 1 time(s).

Error - 4/15/2011 12:44:13 PM | Computer Name = JASONDREWS | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%2

Error - 4/15/2011 12:44:32 PM | Computer Name = JASONDREWS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl i8042prt

Error - 4/15/2011 1:44:14 PM | Computer Name = JASONDREWS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl

< End of report >

OTL logfile created on: 4/15/2011 1:27:19 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\me\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.52 Gb Total Space | 15.00 Gb Free Space | 23.26% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.83 Gb Free Space | 48.25% Space Free | Partition Type: NTFS

Computer Name: JASONDREWS | User Name: me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/15 13:20:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\me\Desktop\OTL.exe
PRC - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2007/04/13 11:44:20 | 000,540,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/04/13 11:44:18 | 000,331,552 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsty.exe
PRC - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/04/24 12:42:06 | 000,888,832 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
PRC - [2006/02/27 21:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/04/15 13:20:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\me\Desktop\OTL.exe
MOD - [2006/02/27 21:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2007/04/13 11:44:20 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/04/12 03:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/07/04 12:29:18 | 004,306,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/10 10:00:16 | 000,156,160 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/04/07 16:19:32 | 000,067,584 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2005/01/07 19:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/03 12:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 12:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 12:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 12:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 12:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 12:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 12:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 12:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 12:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 12:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 12:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 12:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 12:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 12:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 12:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/04/04 00:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.hp.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59677

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.hp.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59677

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-319670913-3225394549-775371207-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-21-319670913-3225394549-775371207-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://u.northwestern.edu/"
FF - prefs.js..extensions.enabledItems: {0CDC78A2-05A1-47F9-8810-A36BA7576D00}:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 58323
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/31 09:44:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/13 12:03:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/13 12:03:50 | 000,000,000 | ---D | M]

darsh · Apr 15, 2011

[2011/04/12 10:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\me\Application Data\Mozilla\Extensions
[2011/04/12 10:23:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\me\Application Data\Mozilla\Firefox\Profiles\pvzyfs5o.default\extensions
[2011/04/12 10:23:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\me\Application Data\Mozilla\Firefox\Profiles\pvzyfs5o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/13 12:03:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/18 22:32:51 | 000,000,000 | ---D | M] (ResultBrowse) -- C:\Program Files\Mozilla Firefox\extensions\{0CDC78A2-05A1-47F9-8810-A36BA7576D00}
[2010/11/21 21:42:20 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011/01/31 09:44:58 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/01/19 17:06:29 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/15 12:29:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-319670913-3225394549-775371207-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-319670913-3225394549-775371207-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-319670913-3225394549-775371207-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-319670913-3225394549-775371207-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-319670913-3225394549-775371207-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Program Files\Windows NT\dwm.exe) - File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Program Files\Windows NT\dwm.exe) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/15 13:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/04/15 13:20:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/04/15 13:19:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\me\Desktop\OTL.exe
[2011/04/15 12:30:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/15 11:37:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/15 11:34:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/15 11:34:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/15 11:34:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/15 11:34:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/15 11:34:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/15 11:33:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/14 03:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/04/13 16:17:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\vlc
[2011/04/13 15:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\uTorrent
[2011/04/12 19:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2011/04/12 17:00:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/04/12 16:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\Avira
[2011/04/12 16:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/04/12 16:57:58 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/04/12 16:57:56 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/04/12 16:57:56 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/04/12 16:57:56 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/04/12 16:57:56 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/04/12 16:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/12 16:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/04/12 16:52:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/12 16:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2011/04/12 16:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\Malwarebytes
[2011/04/12 16:39:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/12 16:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/12 16:39:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/12 16:39:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/12 16:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/12 13:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Local Settings\Application Data\Adobe
[2011/04/12 12:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\PC Inspector File Recovery
[2011/04/12 12:49:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Inspector File Recovery
[2011/04/12 12:48:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\My Documents\Downloads
[2011/04/12 10:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\Macromedia
[2011/04/12 10:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\Adobe
[2011/04/12 10:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Local Settings\Application Data\Mozilla
[2011/04/12 10:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\Mozilla
[2011/04/12 10:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\Ikruy
[2011/04/12 10:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\Apple Computer
[2011/04/12 10:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Local Settings\Application Data\Apple Computer
[2011/04/12 10:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\Real
[2011/04/12 10:17:41 | 000,000,000 | --SD | C] -- C:\Documents and Settings\me\Application Data\Microsoft
[2011/04/12 10:17:41 | 000,000,000 | --SD | C] -- C:\Documents and Settings\me\Cookies
[2011/04/12 10:17:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\me\SendTo
[2011/04/12 10:17:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\me\Recent
[2011/04/12 10:17:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\me\Application Data
[2011/04/12 10:17:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\me\My Documents\My Pictures
[2011/04/12 10:17:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\me\My Documents\My Music
[2011/04/12 10:17:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\me\My Documents
[2011/04/12 10:17:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\me\Favorites
[2011/04/12 10:17:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\me\PrintHood
[2011/04/12 10:17:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\me\NetHood
[2011/04/12 10:17:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\me\Local Settings
[2011/04/12 10:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Local Settings\Application Data\Symantec
[2011/04/12 10:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\Symantec
[2011/04/12 10:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Local Settings\Application Data\Seven Zip
[2011/04/12 10:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\SampleView
[2011/04/12 10:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Local Settings\Application Data\Microsoft Help
[2011/04/12 10:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Local Settings\Application Data\Microsoft
[2011/04/12 10:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\InstallShield
[2011/04/12 10:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\Identities
[2011/04/12 10:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Local Settings\Application Data\Google
[2011/04/12 10:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Desktop
[2011/04/12 10:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Local Settings\Application Data\ApplicationHistory
[2011/04/12 10:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2011/04/12 10:17:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\me\Start Menu\Programs\Startup
[2011/04/12 10:17:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\me\Start Menu
[2011/04/12 10:17:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\me\Start Menu\Programs\Accessories
[2011/04/12 10:17:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\me\Templates
[2011/04/04 14:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2011/03/16 14:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/16 14:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/16 14:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/15 13:30:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-319670913-3225394549-775371207-500UA.job
[2011/04/15 13:27:07 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-319670913-3225394549-775371207-1008.job
[2011/04/15 13:27:07 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-319670913-3225394549-775371207-1008.job
[2011/04/15 13:20:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\me\Desktop\OTL.exe
[2011/04/15 12:57:54 | 000,365,703 | ---- | M] () -- C:\Documents and Settings\me\Desktop\MiniToolBox.exe
[2011/04/15 12:47:53 | 000,491,066 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 12:47:53 | 000,089,630 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/15 12:43:25 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/04/15 12:43:11 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-319670913-3225394549-775371207-500.job
[2011/04/15 12:43:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/15 12:42:55 | 2138,365,952 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/15 12:29:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/15 12:23:32 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\me\Desktop\Shortcut to ComboFix.exe.lnk
[2011/04/15 11:37:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/14 03:02:38 | 000,000,206 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/04/13 16:17:08 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/13 15:39:18 | 000,011,460 | ---- | M] () -- C:\Documents and Settings\me\Application Data\5026.E39
[2011/04/13 15:30:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-319670913-3225394549-775371207-500Core.job
[2011/04/13 12:03:54 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/13 12:03:54 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/12 16:58:09 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/04/12 16:39:57 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/04/12 16:39:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/12 12:49:14 | 000,001,561 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector File Recovery.lnk
[2011/04/12 10:17:50 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/12 09:38:33 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-319670913-3225394549-775371207-500.job
[2011/04/09 18:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/16 14:15:58 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/15 12:59:01 | 000,365,703 | ---- | C] () -- C:\Documents and Settings\me\Desktop\MiniToolBox.exe
[2011/04/15 12:23:32 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\me\Desktop\Shortcut to ComboFix.exe.lnk
[2011/04/15 11:37:11 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/15 11:37:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/15 11:34:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/15 11:34:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/15 11:34:37 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/15 11:34:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/15 11:34:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/14 03:02:38 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/04/13 16:17:08 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/13 12:03:54 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/13 12:03:54 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/12 16:58:09 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/04/12 16:39:57 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/04/12 16:39:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/12 13:41:47 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-319670913-3225394549-775371207-1008.job
[2011/04/12 13:41:46 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-319670913-3225394549-775371207-1008.job
[2011/04/12 13:16:40 | 000,208,896 | ---- | C] () -- C:\Documents and Settings\me\Desktop\Restoration.exe
[2011/04/12 13:16:40 | 000,204,849 | ---- | C] () -- C:\Documents and Settings\me\Desktop\DLL32.DLL
[2011/04/12 13:16:40 | 000,010,626 | ---- | C] () -- C:\Documents and Settings\me\Desktop\FreePC.rtf
[2011/04/12 13:16:40 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\me\Desktop\DLL16.DLL
[2011/04/12 13:16:40 | 000,000,927 | ---- | C] () -- C:\Documents and Settings\me\Desktop\file_id.diz
[2011/04/12 12:49:15 | 000,006,200 | ---- | C] () -- C:\WINDOWS\System32\INT13EXT.VXD
[2011/04/12 12:49:14 | 000,001,561 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector File Recovery.lnk
[2011/04/12 10:17:55 | 000,011,460 | ---- | C] () -- C:\Documents and Settings\me\Application Data\5026.E39
[2011/04/12 10:17:47 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\me\Start Menu\Programs\Windows Media Player.lnk
[2011/04/12 10:17:42 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/12 10:17:42 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/04/12 10:17:41 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\me\Start Menu\Programs\Remote Assistance.lnk
[2011/04/12 10:17:41 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\me\Start Menu\Programs\Internet Explorer.lnk
[2011/04/12 10:17:41 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\me\Start Menu\Programs\Outlook Express.lnk
[2011/03/16 14:15:58 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/20 15:35:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/04 13:58:42 | 000,056,840 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/21 21:43:35 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/17 17:07:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/17 09:02:51 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2007/06/20 00:57:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/06/20 00:36:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/06/20 00:36:17 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/06/20 00:36:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/06/20 00:36:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/06/20 00:36:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/06/20 00:36:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/06/20 00:35:26 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/06/20 00:35:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/06/20 00:22:45 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/06/20 00:22:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2006/04/25 13:05:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/25 12:43:54 | 000,491,066 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/25 12:43:54 | 000,089,630 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/25 12:39:48 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/25 12:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/25 12:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/27 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/27 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/27 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/27 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/27 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/27 21:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006/02/27 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/27 21:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/02/27 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 02:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 02:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/05/08 05:12:22 | 000,000,774 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2010/10/18 22:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Echo Software
[2010/12/11 14:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2007/06/20 00:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2010/10/21 10:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SSH
[2011/01/26 18:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uquxy
[2011/04/04 17:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/04/12 19:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Xaunad
[2010/10/17 17:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/17 08:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2007/06/20 00:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2011/04/12 17:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Ikruy
[2007/06/20 00:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\SampleView
[2011/04/13 16:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\uTorrent
[2011/04/15 12:43:25 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2007/07/10 13:53:41 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/04/15 11:37:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/04/15 12:30:17 | 000,010,866 | ---- | M] () -- C:\ComboFix.txt
[2011/04/15 12:42:55 | 2138,365,952 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/02 17:58:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/11/02 17:58:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/27 21:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2006/02/27 21:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/04/15 12:42:54 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/04/25 12:31:24 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/04/25 05:17:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/04/25 05:17:50 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/25 05:17:50 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2006/04/25 12:32:44 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/12 10:17:50 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\me\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/04/25 12:41:10 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/04/15 12:57:54 | 000,365,703 | ---- | M] () -- C:\Documents and Settings\me\Desktop\MiniToolBox.exe
[2011/04/15 13:20:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\me\Desktop\OTL.exe
[2003/04/14 09:10:02 | 000,208,896 | ---- | M] () -- C:\Documents and Settings\me\Desktop\Restoration.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/04/12 10:17:49 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\me\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/04/15 13:28:51 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\me\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2006/02/27 21:00:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2006/02/27 21:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/03 22:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/03 22:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2004/08/03 22:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2004/08/03 22:06:34 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/03 22:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/03 22:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/03 22:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/03 22:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/03 22:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-14 08:04:17

< End of report >

Broni · Apr 15, 2011

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.

=====================================================================

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59677
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59677
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 58323
FF - prefs.js..network.proxy.type: 1
[2011/01/19 17:06:29 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-319670913-3225394549-775371207-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
[2011/04/12 10:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\Ikruy
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2011/01/26 18:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uquxy

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

See, if Firefox will work after running the above fix and restarting computer.

darsh · Apr 15, 2011

After rebooting firefox does now work properly. The only thing that seems a little messed up still is my accessibility to online gaming abilities. When trying connect to online gaming, it immediately says it is unable to connect. Here is the requested log though:

All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 58323 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-319670913-3225394549-775371207-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
C:\Documents and Settings\me\Application Data\Ikruy folder moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Uquxy folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 376147 bytes
->FireFox cache emptied: 75774017 bytes
->Google Chrome cache emptied: 163380976 bytes
->Flash cache emptied: 47382 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3375238 bytes
->Java cache emptied: 4236495 bytes

User: me
->Temp folder emptied: 10791587 bytes
->Temporary Internet Files folder emptied: 13251830 bytes
->Java cache emptied: 5744 bytes
->FireFox cache emptied: 107921930 bytes
->Flash cache emptied: 3281 bytes

User: NetworkService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 562 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 68586 bytes
RecycleBin emptied: 35028764 bytes

Total Files Cleaned = 395.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: me
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04152011_142135

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_524.dat not found!

Registry entries deleted on Reboot...

Broni · Apr 15, 2011

Close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode). Same issue?

More scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

darsh · Apr 17, 2011

hey sorry I haven't responded for the past couple days, but after doing some more tests and such I have found that the reason that I am unable to connect to my online gaming is due to an IP ban that I was given. I have done a bit of research and it seems that using something like a transparent proxy or such can be used to get around this small problem of mine. Do you have any other suggestions?

Broni · Apr 17, 2011

Not in that matter.
I'd even consider it illegal.

darsh · Apr 17, 2011

Oh okay I didn't realize that. Thank you such much for all of your help and for fixing my very messed up computer. I really appreciate it.

Broni · Apr 17, 2011

I strongly suggest, you follow those steps from my reply #21.

darsh · Apr 17, 2011

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Out of date HijackThis installed!
Malwarebytes' Anti-Malware
HijackThis 1.99.1
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.2.153.1
Adobe Reader 7.0
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\dwm.exe.vir a variant of Win32/Kryptik.MNO trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe.vir a variant of Win32/Kryptik.MLM trojan

Solved Multiple csrss.exe running

Posts: 35 +0

Posts: 56,041 +516

Posts: 35 +0

Posts: 56,041 +516

Posts: 35 +0

Posts: 35 +0

Posts: 56,041 +516

Posts: 35 +0

Posts: 56,041 +516

Posts: 35 +0

Posts: 56,041 +516

Posts: 35 +0

Posts: 56,041 +516

Posts: 35 +0

Posts: 56,041 +516

Posts: 35 +0

Posts: 35 +0

Posts: 56,041 +516

Posts: 35 +0

Posts: 56,041 +516

Posts: 35 +0

Posts: 56,041 +516

Posts: 35 +0

Posts: 56,041 +516

Posts: 35 +0

Similar threads