False Windows Security Center Virus


Post by SebastianJ on Tue Feb 09, 2010 12:04 am

Hello,
I have a fake Windows security center popping up and it is keeping me from opening any defensive programs. From reading similar posts I have run OTL and have both logs below. If any of you could lend your knowledge and let me know how to proceed, I would greatly appreciate it.
Thanks in advance for your help.

Sebastian

OTL logfile created on: 2/8/2010 10:52:17 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Sebastian\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.23 Gb Total Space | 12.55 Gb Free Space | 17.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74.52 Gb Total Space | 55.17 Gb Free Space | 74.03% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SWITKOWSKI
Current User Name: Sebastian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/08 22:50:28 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sebastian\Desktop\OTL.exe
PRC - [2010/02/08 19:59:02 | 000,037,376 | ---- | M] () -- C:\Program Files\svchost.exe
PRC - [2010/02/08 19:58:45 | 001,057,800 | ---- | M] (ADC ltd.) -- C:\Program Files\Your PC Protector\Your PC Protector.exe
PRC - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/11 02:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2007/02/08 16:50:33 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\lxczcoms.exe
PRC - [2007/01/04 15:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/09/29 13:55:38 | 000,069,632 | ---- | M] () -- C:\WINDOWS\SYSTEM32\FreezeScreenSaver.exe
PRC - [2004/03/04 10:30:48 | 000,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE
PRC - [2004/03/04 10:26:20 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 000,093,184 | -HS- | M] () -- C:\WINDOWS\SYSTEM32\bunuzope.dll
MOD - [2099/01/01 12:00:00 | 000,052,224 | -HS- | M] () -- C:\WINDOWS\SYSTEM32\bigitita.dll
MOD - [2010/02/08 22:50:28 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sebastian\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/08 19:59:02 | 000,037,376 | ---- | M] () [Auto | Running] -- C:\Program Files\svchost.exe -- (AdbUpd)
SRV - [2009/01/06 13:06:24 | 000,536,872 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/09/08 15:44:22 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/08 16:50:33 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2005/12/05 22:34:20 | 000,069,120 | ---- | M] (Autodesk, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2005/09/29 13:55:38 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\FreezeScreenSaver.exe -- (FreezeScreenSaver)
SRV - [2004/03/04 10:30:48 | 000,311,296 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS)
SRV - [2003/12/17 12:59:48 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/06/20 06:00:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2008/11/07 14:23:30 | 000,032,000 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2008/04/17 13:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 23:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 23:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 04:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/04/18 16:34:55 | 000,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/09/20 10:00:54 | 001,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2005/01/27 14:31:06 | 000,260,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2004/12/06 00:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 00:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 00:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 00:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 00:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 00:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 00:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 00:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 00:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 02:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 01:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/09/02 20:01:16 | 000,396,480 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2004/08/04 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS -- (NwlnkNb)
DRV - [2004/08/04 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS -- (NwlnkSpx)
DRV - [2004/08/04 04:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/07/14 10:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 10:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/15 21:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 21:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 21:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 21:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/02/10 14:49:14 | 000,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B) Intel(R)
DRV - [2004/01/28 15:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SilvrLnk.sys -- (SilverLink) Texas Instruments SilverLink (USB GraphLink)
DRV - [2003/09/19 15:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2003/05/05 17:25:48 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\ANIO.sys -- (ANIO)
DRV - [2002/06/23 15:31:20 | 000,045,568 | R--- | M] (D-Link Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DLKRTS.SYS -- (DLKRTS)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [1997/04/22 10:16:00 | 000,006,272 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASLM75.SYS -- (aslm75)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.uiuc.edu"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/19 15:50:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/19 15:50:23 | 000,000,000 | ---D | M]

[2008/08/31 11:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastian\Application Data\Mozilla\Extensions
[2010/02/08 00:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastian\Application Data\Mozilla\Firefox\Profiles\7flzcls6.default\extensions
[2008/03/09 15:24:17 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Sebastian\Application Data\Mozilla\Firefox\Profiles\7flzcls6.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2007/02/26 17:30:58 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Sebastian\Application Data\Mozilla\Firefox\Profiles\7flzcls6.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2005/09/18 11:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastian\Application Data\Mozilla\Firefox\Profiles\vs5bbpze.Default User\extensions
[2005/09/18 11:50:23 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Sebastian\Application Data\Mozilla\Firefox\Profiles\vs5bbpze.Default User\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/02/08 00:10:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/09 19:28:49 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Program Files\Mozilla Firefox\extensions\{755C54AC-3120-42D3-9CE3-B8EB25248150}
[2007/02/01 14:25:50 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint_0305000D.dll

O1 HOSTS File: ([2009/04/02 09:03:39 | 000,000,736 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ADC PlugIn) - {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} - C:\Program Files\adc32.dll (ASC - AntiSpyware)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - No CLSID value found.
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [Cleanup] C:\Documents and Settings\Sebastian\Local Settings\Temp\201028201950_mcappins.exe (McAfee, Inc)
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [fosimurik] C:\WINDOWS\System32\bunuzope.DLL ()
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [msci] C:\Documents and Settings\Sebastian\Local Settings\Temp\201028201945_mcinfo.exe (McAfee, Inc)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [Adobe Loader] C:\Program Files\adb9_32.exe File not found
O4 - HKCU..\Run: [AIM] C:\ponky\progs\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\ponky\progs\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.222.220
O20 - AppInit_DLLs: (fnyyki.dll) - File not found
O20 - AppInit_DLLs: (bigitita.dll) - C:\WINDOWS\System32\bigitita.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\bunuzope.dll) - C:\WINDOWS\SYSTEM32\bunuzope.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: ripalomih - {cb4b91bd-eab5-4ddf-a661-9dbb5f9e4c79} - C:\WINDOWS\SYSTEM32\bunuzope.dll ()
O22 - SharedTaskScheduler: {cb4b91bd-eab5-4ddf-a661-9dbb5f9e4c79} - gahurihor - C:\WINDOWS\SYSTEM32\bunuzope.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Sebastian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sebastian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/01/08 22:40:19 | 000,000,000 | -H-- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5f3b53c2-d547-11da-93e0-0013205d8144}\Shell\Auto\command - "" = E:\Start.exe -- File not found
O33 - MountPoints2\{5f3b53c2-d547-11da-93e0-0013205d8144}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- C:\Program Files\alggui.exe "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2010/02/08 22:49:18 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sebastian\Desktop\OTL.exe
[2010/02/08 20:18:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/02/08 20:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\schtml
[2010/02/08 20:02:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sebastian\PrivacIE
[2010/02/08 20:00:28 | 000,000,000 | ---D | C] -- C:\Your PC Protector
[2010/02/08 19:59:11 | 000,962,560 | ---- | C] (ASC - AntiSpyware) -- C:\Program Files\adc32.dll
[2010/02/08 19:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Your PC Protector
[2010/02/08 19:58:42 | 001,057,800 | ---- | C] (ADC ltd.) -- C:\Program Files\wpp.exe
[2010/01/25 17:16:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sebastian\IETldCache
[2010/01/25 16:18:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/01/25 16:14:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/01/25 16:07:17 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Sebastian\Desktop\setup-spybotsd162.exe
[2010/01/25 16:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2010/01/25 16:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2010/01/25 16:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2010/01/25 16:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2010/01/12 17:30:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/10/10 02:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/03 18:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/02/19 21:46:15 | 000,010,240 | -HS- | C] (MicroSoft (c)) -- C:\Program Files\expdebug.exe
[2008/08/28 17:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/05/19 20:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\pdfMachine
[2008/01/17 19:59:15 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczinpa.dll
[2008/01/17 19:59:15 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCZhcp.dll
[2008/01/17 19:59:14 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczserv.dll
[2008/01/17 19:59:14 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczusb1.dll
[2008/01/17 19:59:14 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcziesc.dll
[2008/01/17 19:59:13 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpmui.dll
[2008/01/17 19:59:13 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczlmpm.dll
[2008/01/17 19:59:13 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczprox.dll
[2008/01/17 19:59:13 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpplc.dll
[2008/01/17 19:59:12 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczhbn3.dll
[2008/01/17 19:59:11 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomm.dll
[2008/01/17 19:59:10 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomc.dll
[2007/08/20 02:03:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/05/02 20:16:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/08/06 10:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Sebastian\Desktop\*.tmp files -> C:\Documents and Settings\Sebastian\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,093,184 | -HS- | M] () -- C:\WINDOWS\System32\bunuzope.dll
[2099/01/01 12:00:00 | 000,052,224 | -HS- | M] () -- C:\WINDOWS\System32\vovuhinu.dll
[2099/01/01 12:00:00 | 000,052,224 | -HS- | M] () -- C:\WINDOWS\System32\toyutabo.dll
[2099/01/01 12:00:00 | 000,052,224 | -HS- | M] () -- C:\WINDOWS\System32\bigitita.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\panosuba.dll
[2010/02/08 22:54:20 | 000,000,056 | ---- | M] () -- C:\Program Files\wp4.dat
[2010/02/08 22:54:20 | 000,000,002 | ---- | M] () -- C:\Program Files\wp3.dat
[2010/02/08 22:53:58 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\rudegono
[2010/02/08 22:52:20 | 000,962,560 | ---- | M] (ASC - AntiSpyware) -- C:\Program Files\adc32.dll
[2010/02/08 22:52:20 | 000,043,520 | ---- | M] () -- C:\Program Files\alggui.exe
[2010/02/08 22:52:19 | 000,001,530 | ---- | M] () -- C:\Your PC Protector.lnk
[2010/02/08 22:50:28 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sebastian\Desktop\OTL.exe
[2010/02/08 22:49:09 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Sebastian\NTUSER.DAT
[2010/02/08 22:40:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/08 22:25:23 | 000,047,095 | ---- | M] () -- C:\log.html
[2010/02/08 22:25:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/08 22:25:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/08 22:25:05 | 1340,133,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/08 21:22:19 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Sebastian\NTUSER.INI
[2010/02/08 20:38:34 | 086,571,859 | ---- | M] () -- C:\Documents and Settings\Sebastian\Desktop\UIUCMcAfee8.7ip2PO.exe
[2010/02/08 19:59:09 | 000,000,009 | ---- | M] () -- C:\Program Files\nuar.old
[2010/02/08 19:59:02 | 000,037,376 | ---- | M] () -- C:\Program Files\svchost.exe
[2010/02/08 19:59:02 | 000,001,656 | ---- | M] () -- C:\Documents and Settings\Sebastian\Desktop\Your PC Protector.lnk
[2010/02/08 19:59:02 | 000,000,036 | ---- | M] () -- C:\Program Files\skynet.dat
[2010/02/08 19:58:45 | 001,057,800 | ---- | M] (ADC ltd.) -- C:\Program Files\wpp.exe
[2010/02/08 10:26:50 | 000,032,206 | ---- | M] () -- C:\Documents and Settings\Sebastian\Desktop\Witkowski HW3.docx
[2010/02/08 09:30:35 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Sebastian\Desktop\Microsoft Office Word 2003.lnk
[2010/02/08 09:28:26 | 001,326,318 | ---- | M] () -- C:\Documents and Settings\Sebastian\Desktop\gsxr 750 orange wheels.JPG
[2010/02/05 14:54:06 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Sebastian\Desktop\WitkowskiHW30205.doc
[2010/02/02 18:49:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/31 11:51:19 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/25 17:53:53 | 000,000,203 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/01/25 17:39:44 | 000,117,864 | ---- | M] () -- C:\Documents and Settings\Sebastian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/25 16:19:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/25 16:09:43 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Sebastian\Desktop\Spybot - Search & Destroy.lnk
[2010/01/25 16:08:10 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Sebastian\Desktop\setup-spybotsd162.exe
[2010/01/21 17:24:18 | 000,009,008 | ---- | M] () -- C:\Documents and Settings\Sebastian\Desktop\4189_854319050630_1932476_49463611_3721400_n.jpg
[2010/01/18 12:19:21 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/01/18 12:19:20 | 000,528,934 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/18 12:19:20 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Sebastian\Desktop\*.tmp files -> C:\Documents and Settings\Sebastian\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\bunuzope.dll
[2099/01/01 12:00:00 | 000,052,224 | -HS- | C] () -- C:\WINDOWS\System32\vovuhinu.dll
[2099/01/01 12:00:00 | 000,052,224 | -HS- | C] () -- C:\WINDOWS\System32\toyutabo.dll
[2099/01/01 12:00:00 | 000,052,224 | -HS- | C] () -- C:\WINDOWS\System32\bigitita.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\panosuba.dll
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\rudegono
[2010/02/08 20:38:15 | 086,571,859 | ---- | C] () -- C:\Documents and Settings\Sebastian\Desktop\UIUCMcAfee8.7ip2PO.exe
[2010/02/08 20:00:29 | 000,001,530 | ---- | C] () -- C:\Your PC Protector.lnk
[2010/02/08 19:59:12 | 000,043,520 | ---- | C] () -- C:\Program Files\alggui.exe
[2010/02/08 19:59:09 | 000,000,009 | ---- | C] () -- C:\Program Files\nuar.old
[2010/02/08 19:59:02 | 000,037,376 | ---- | C] () -- C:\Program Files\svchost.exe
[2010/02/08 19:59:02 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\Sebastian\Desktop\Your PC Protector.lnk
[2010/02/08 19:59:02 | 000,000,056 | ---- | C] () -- C:\Program Files\wp4.dat
[2010/02/08 19:59:02 | 000,000,036 | ---- | C] () -- C:\Program Files\skynet.dat
[2010/02/08 19:59:02 | 000,000,002 | ---- | C] () -- C:\Program Files\wp3.dat
[2010/02/08 10:26:49 | 000,032,206 | ---- | C] () -- C:\Documents and Settings\Sebastian\Desktop\Witkowski HW3.docx
[2010/02/08 09:28:19 | 001,326,318 | ---- | C] () -- C:\Documents and Settings\Sebastian\Desktop\gsxr 750 orange wheels.JPG
[2010/02/05 10:04:57 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Sebastian\Desktop\WitkowskiHW30205.doc
[2010/01/21 17:24:16 | 000,009,008 | ---- | C] () -- C:\Documents and Settings\Sebastian\Desktop\4189_854319050630_1932476_49463611_3721400_n.jpg
[2009/02/19 21:46:20 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\winconfig32.ini
[2009/01/20 22:28:38 | 000,006,838 | ---- | C] () -- C:\Documents and Settings\Sebastian\Application Data\PrimoPDFSet.xml
[2009/01/20 22:26:16 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/11/12 00:14:09 | 000,000,429 | ---- | C] () -- C:\WINDOWS\ArcView9x.INI
[2008/09/08 17:56:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008/04/28 11:13:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/01/17 20:19:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2008/01/17 20:19:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2008/01/17 20:15:18 | 000,000,437 | ---- | C] () -- C:\WINDOWS\Lexstat.ini
[2008/01/17 20:14:52 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.dll
[2008/01/17 20:14:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2008/01/17 20:13:23 | 000,039,899 | R--- | C] () -- C:\WINDOWS\System32\rtsicis.ini
[2008/01/17 19:59:15 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCZinst.dll
[2008/01/17 19:59:14 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\lxczutil.dll
[2007/09/09 12:02:52 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2006/06/07 12:23:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv7.dll
[2006/04/18 16:30:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/04/11 22:26:09 | 000,000,553 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/03/21 18:38:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/03/07 10:59:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv6.dll
[2006/02/22 10:02:26 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Sebastian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/10 19:52:05 | 000,000,072 | ---- | C] () -- C:\WINDOWS\WB.ini
[2006/02/10 19:47:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2006/02/06 15:10:43 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2006/01/16 12:20:15 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2006/01/16 12:19:38 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/01/10 16:11:05 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll
[2006/01/10 16:11:05 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv4.dll
[2005/11/08 23:33:40 | 000,003,168 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/10/29 00:28:51 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\CtSACKey.sys
[2005/10/20 13:32:02 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/10/20 13:32:01 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/08/31 19:50:50 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Sebastian\Local Settings\Application Data\fusioncache.dat
[2005/08/29 21:08:31 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\98A10D6F21.sys
[2005/08/29 21:00:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/06 10:36:20 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/08/02 06:56:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/02 06:49:54 | 000,000,203 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/02 06:18:36 | 000,000,370 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 07:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 04:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/02/10 14:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2003/06/20 06:00:00 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/13 14:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[1997/06/25 15:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll
[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
< End of report >


OTL Extras logfile created on: 2/8/2010 10:52:17 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Sebastian\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.23 Gb Total Space | 12.55 Gb Free Space | 17.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74.52 Gb Total Space | 55.17 Gb Free Space | 74.03% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SWITKOWSKI
Current User Name: Sebastian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.exe [@ = exefile] -- C:\Program Files\alggui.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- C:\Program Files\alggui.exe "%1" %* ()
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"6881:TCP" = 6881:TCP:*:Disabled:Azureus
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"18269:UDP" = 18269:UDP:*:Disabled:bitcomet
"18269:TCP" = 18269:TCP:*:Disabled:bitcomet
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"24537:TCP" = 24537:TCP:*:Enabled:BitComet 24537 TCP
"24537:UDP" = 24537:UDP:*:Enabled:BitComet 24537 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\ponky\progs\AIM\aim.exe" = C:\ponky\progs\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe:*:Enabled:LimeWire: The most advanced file sharing program on the planet. -- (LimeWire, LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Westwood\RA2\game.exe" = C:\Westwood\RA2\game.exe:*:Disabled:Main executable for Red Alert 2 -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" = C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE" = C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)
"C:\WINDOWS\SYSTEM32\lxczcoms.exe" = C:\WINDOWS\SYSTEM32\lxczcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- File not found
"C:\ponky\progs\AIM\aim.exe" = C:\ponky\progs\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\ponky\progs\Bit commet\BitComet\BitComet.exe" = C:\ponky\progs\Bit commet\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- (Apple Inc.)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- ([You must be registered and logged in to see this link.]
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\svchost.exe" = C:\Program Files\svchost.exe:*:Enabled:svchost -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{1103112B-513D-4DEF-96B4-9889774E0118}" = Creative Zen Touch
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F692FA9-348B-4264-B4EA-DE6BFA45D8AE}" = Microsoft WorldWide Telescope
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{5033400B-0977-45AB-94CE-CC135A8E1BBB}" = ArcGIS Desktop
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{616FBA10-B630-4AAF-9B44-3CC83EAA7E55}" = eDrawings 2007
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69654736-1026-4728-A78E-BA45DF993BAE}" = LimeWire
"{6DF9255E-F88F-4C97-ADAA-2CC0B0BBAA96}" = DWGeditor
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F29684-304D-4DE9-B9B8-E284EA449C3C}" = SolidWorks 2007-2008 Student Edition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"AOL Instant Messenger" = AOL Instant Messenger
"ArcGIS Desktop" = ArcGIS Desktop
"ASUS Probe V2.25.02" = ASUS Probe V2.25.02
"BitComet" = BitComet 1.11
"Dell Photo Printer 720" = Dell Photo Printer 720
"Dell Photo Printer 720 Logger" = Dell Photo Printer 720 Logger
"HijackThis" = HijackThis 1.99.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{69654736-1026-4728-A78E-BA45DF993BAE}" = LimeWire
"InstallShield_{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"Lexmark 1200 Series" = Lexmark 1200 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Personal Firewall Plus" = McAfee Personal Firewall Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"PrimoPDF4.1.0.9" = PrimoPDF
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"RealPlayer 6.0" = RealPlayer
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"SysInfo" = Creative System Information
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Vision Simulator0.42" = Vision Simulator
"VLC media player" = VideoLAN VLC media player 0.8.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/8/2010 1:24:10 AM | Computer Name = SWITKOWSKI | Source = MsiInstaller | ID = 10005
Description = Product: McAfee VirusScan Enterprise -- This installation cannot continue
because McAfee VirusScan Online is already installed. McAfee VirusScan Enterprise
Setup will now exit. For more information, please contact your Administrator.

Error - 2/8/2010 1:24:10 AM | Computer Name = SWITKOWSKI | Source = MsiInstaller | ID = 1023
Description = Product: McAfee VirusScan Enterprise - Update 'Patch 8 for McAfee
VirusScan Enterprise 8.5' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\McAfeeLogs\VSEInst.log.

Error - 2/8/2010 8:06:16 AM | Computer Name = SWITKOWSKI | Source = MsiInstaller | ID = 10005
Description = Product: McAfee VirusScan Enterprise -- This installation cannot continue
because McAfee VirusScan Online is already installed. McAfee VirusScan Enterprise
Setup will now exit. For more information, please contact your Administrator.

Error - 2/8/2010 8:06:16 AM | Computer Name = SWITKOWSKI | Source = MsiInstaller | ID = 1023
Description = Product: McAfee VirusScan Enterprise - Update 'Patch 8 for McAfee
VirusScan Enterprise 8.5' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\McAfeeLogs\VSEInst.log.

Error - 2/8/2010 1:26:13 PM | Computer Name = SWITKOWSKI | Source = MsiInstaller | ID = 10005
Description = Product: McAfee VirusScan Enterprise -- This installation cannot continue
because McAfee VirusScan Online is already installed. McAfee VirusScan Enterprise
Setup will now exit. For more information, please contact your Administrator.

Error - 2/8/2010 1:26:13 PM | Computer Name = SWITKOWSKI | Source = MsiInstaller | ID = 1023
Description = Product: McAfee VirusScan Enterprise - Update 'Patch 8 for McAfee
VirusScan Enterprise 8.5' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\McAfeeLogs\VSEInst.log.

Error - 2/8/2010 7:37:53 PM | Computer Name = SWITKOWSKI | Source = Application Error | ID = 1000
Description = Faulting application windowssearch.exe, version 2.6.5000.5378, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000120e.

Error - 2/8/2010 7:37:58 PM | Computer Name = SWITKOWSKI | Source = MsiInstaller | ID = 10005
Description = Product: McAfee VirusScan Enterprise -- This installation cannot continue
because McAfee VirusScan Online is already installed. McAfee VirusScan Enterprise
Setup will now exit. For more information, please contact your Administrator.

Error - 2/8/2010 7:37:59 PM | Computer Name = SWITKOWSKI | Source = MsiInstaller | ID = 1023
Description = Product: McAfee VirusScan Enterprise - Update 'Patch 8 for McAfee
VirusScan Enterprise 8.5' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\McAfeeLogs\VSEInst.log.

Error - 2/8/2010 9:59:24 PM | Computer Name = SWITKOWSKI | Source = Application Hang | ID = 1002
Description = Hanging application Your PC Protector.exe, version 1.0.0.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/8/2010 10:19:22 PM | Computer Name = SWITKOWSKI | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/8/2010 10:19:22 PM | Computer Name = SWITKOWSKI | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/8/2010 10:19:22 PM | Computer Name = SWITKOWSKI | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/8/2010 10:19:22 PM | Computer Name = SWITKOWSKI | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/8/2010 10:19:22 PM | Computer Name = SWITKOWSKI | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/8/2010 10:19:23 PM | Computer Name = SWITKOWSKI | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/8/2010 10:19:23 PM | Computer Name = SWITKOWSKI | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/8/2010 10:19:23 PM | Computer Name = SWITKOWSKI | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/8/2010 10:19:23 PM | Computer Name = SWITKOWSKI | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/9/2010 12:51:58 AM | Computer Name = SWITKOWSKI | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).


< End of report >


Re: False Windows Security Center Virus

Post by Dr Jay on Tue Feb 09, 2010 9:14 am

Please download ComboFix from [You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)



Re: False Windows Security Center Virus

Post by SebastianJ on Tue Feb 09, 2010 10:41 am

ComboFix (commy.exe) will not run.


Re: False Windows Security Center Virus

Post by Dr Jay on Tue Feb 09, 2010 12:17 pm

Delete your copy of ComboFix; grab a fresh copy, except before you download it, rename it to blackpudding.bat


Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /killall

See if ComboFix will run now.


Dr. Jay (DJ)



Re: False Windows Security Center Virus

Post by SebastianJ on Tue Feb 09, 2010 4:41 pm

I was able to run ComboFix. However, the internet was temporarily disconnected and the Windows Recovery Console download was aborted. Is this something I can install after running ComboFix again, or is it critical to how ComboFix works? Below is my initial ComboFix log.


ComboFix 10-02-09.01 - Sebastian 02/09/2010 15:09:45.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.886 [GMT -6:00]
Running from: c:\documents and settings\Sebastian\desktop\blackpudding.bat
Command switches used :: /killall

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sebastian\Desktop\Your PC Protector.lnk
c:\documents and settings\Sebastian\Start Menu\Programs\Your PC Protector
c:\documents and settings\Sebastian\Start Menu\Programs\Your PC Protector\Your PC Protector.lnk
c:\program files\adc32.dll
c:\program files\alggui.exe
c:\program files\Mozilla Firefox\extensions\{755C54AC-3120-42D3-9CE3-B8EB25248150}
c:\program files\Mozilla Firefox\extensions\{755C54AC-3120-42D3-9CE3-B8EB25248150}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{755C54AC-3120-42D3-9CE3-B8EB25248150}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{755C54AC-3120-42D3-9CE3-B8EB25248150}\install.rdf
c:\program files\nuar.old
c:\program files\svchost.exe
c:\program files\wp3.dat
c:\program files\wp4.dat
c:\program files\Your PC Protector
c:\program files\Your PC Protector\Your PC Protector.exe
c:\temp\fse
c:\temp\fse\tmpZTF.log
c:\windows\run.log
c:\windows\system32\f10WtR
c:\windows\system32\lapujide.dll
c:\windows\system32\rituvuza.dll
c:\windows\system32\rudahazi.dll
c:\windows\Tasks\owshgnhm.job
C:\xcrashdump.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ADBUPD
-------\Legacy_FREEZESCREENSAVER
-------\Service_AdbUpd
-------\Service_FreezeScreenSaver


((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))
.

2010-02-09 02:04 . 2010-02-09 20:45 -------- d-----w- c:\program files\schtml
2010-02-09 02:02 . 2010-02-09 02:02 -------- d-sh--w- c:\documents and settings\Sebastian\PrivacIE
2010-02-09 02:00 . 2010-02-09 02:00 -------- d-----w- C:\Your PC Protector
2010-02-09 01:59 . 2010-02-09 01:59 36 ----a-w- c:\program files\skynet.dat
2010-02-09 01:58 . 2010-02-09 01:58 1057800 ----a-w- c:\program files\wpp.exe
2010-01-27 00:49 . 2010-01-27 00:49 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-26 03:07 . 2010-01-26 03:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-25 23:16 . 2010-01-25 23:16 -------- d-sh--w- c:\documents and settings\Sebastian\IETldCache
2010-01-25 22:18 . 2010-01-25 22:18 -------- d-----w- c:\windows\ie8updates
2010-01-25 22:17 . 2009-12-21 19:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-25 22:17 . 2009-12-21 19:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-25 22:14 . 2010-01-25 22:17 -------- dc-h--w- c:\windows\ie8
2010-01-25 22:07 . 2010-01-25 22:07 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-01-25 22:07 . 2010-01-25 22:07 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-01-25 22:07 . 2010-01-25 22:07 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-01-25 22:07 . 2010-01-25 22:07 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-01-12 23:30 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 02:19 . 2005-08-02 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2010-02-09 02:19 . 2006-09-25 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-09 01:53 . 2008-09-30 19:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-03 14:25 . 2007-12-12 04:33 -------- d-----w- c:\documents and settings\Sebastian\Application Data\Move Networks
2010-01-25 23:55 . 2005-08-20 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-25 23:39 . 2005-08-18 18:15 117864 ----a-w- c:\documents and settings\Sebastian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 22:42 . 2009-02-20 06:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-23 09:18 . 2008-11-10 00:11 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-21 19:14 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-02-20 03:46 . 2009-02-20 03:46 10240 --sh--w- c:\program files\expdebug.exe
2005-08-30 03:08 . 2005-08-30 03:08 56 --sh--r- c:\windows\SYSTEM32\98A10D6F21.sys
1601-01-01 00:03 . 1601-01-01 00:03 93184 --sha-w- c:\windows\SYSTEM32\bunuzope.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\SYSTEM32\panosuba.dll
1601-01-01 00:03 . 1601-01-01 00:03 54272 --sha-w- c:\windows\SYSTEM32\rakujotu.dll
1601-01-01 00:03 . 1601-01-01 00:03 54272 --sha-w- c:\windows\SYSTEM32\sekanawo.dll
1601-01-01 00:03 . 1601-01-01 00:03 60928 --sha-w- c:\windows\SYSTEM32\suhalewo.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\SYSTEM32\zewewegi.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d43699ca-ac0e-47f2-93e5-3c67a192d3f3}]
1601-01-01 00:03 54272 --sha-w- c:\windows\SYSTEM32\rakujotu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\ponky\progs\AIM\aim.exe" [2004-09-01 66672]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-08-16 45056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"fosimurik"="c:\windows\system32\bunuzope.dll" [1601-01-01 93184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2006-4-11 315392]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-03-03 04:59 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2004-09-01 16:26 66672 ----a-w- c:\ponky\progs\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]
2004-09-22 18:08 987136 ----a-w- c:\program files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
2007-11-13 21:46 135168 ----a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 06:05 127035 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-09-20 15:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 15:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
2004-08-22 20:31 1327104 ----a-w- c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-10-20 06:59 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 22:48 32881 ----a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-10-20 06:59 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Autodesk Licensing Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire 4.0.8\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\WINDOWS\\SYSTEM32\\lxczcoms.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\ponky\\progs\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\WINDOWS\\SYSTEM32\\logon.scr"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:*:Disabled:Azureus
"18269:UDP"= 18269:UDP:*:Disabled:bitcomet
"18269:TCP"= 18269:TCP:*:Disabled:bitcomet
"24537:TCP"= 24537:TCP:BitComet 24537 TCP
"24537:UDP"= 24537:UDP:BitComet 24537 UDP

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/16/2007 12:51 AM 24652]
S0 bsuxs;bsuxs;c:\windows\system32\drivers\epnzrs.sys --> c:\windows\system32\drivers\epnzrs.sys [?]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\SYSTEM32\DRIVERS\A3AB.sys [9/2/2004 8:01 PM 396480]
S3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;c:\windows\SYSTEM32\DRIVERS\DLKRTS.SYS [8/19/2005 7:25 PM 45568]
.
Contents of the 'Scheduled Tasks' folder

2010-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Sebastian\Application Data\Mozilla\Firefox\Profiles\7flzcls6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Sebastian\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint_0305000D.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} - c:\program files\adc32.dll
HKCU-Run-Adobe Loader - c:\program files\adb9_32.exe
HKLM-Run-ShStatEXE - c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE
SharedTaskScheduler-{57047f77-0898-45da-98c5-2647b93ab8ee} - c:\windows\system32\rituvuza.dll
SharedTaskScheduler-{fe7d4df8-8f89-484b-afce-ff60d17984f9} - c:\windows\system32\rituvuza.dll
SSODL-ripalomih-{cb4b91bd-eab5-4ddf-a661-9dbb5f9e4c79} - (no file)
MSConfigStartUp-0875775d - c:\windows\system32\qeyrfqqk.dll
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-bgsmsnd - c:\windows\system32\bgsmsnd.exe
MSConfigStartUp-BM0b4644c1 - c:\windows\system32\narxnnjv.dll
MSConfigStartUp-Creative Detector - c:\program files\Creative\MediaSource\Detector\CTDetect.exe
MSConfigStartUp-DMXLauncher - c:\program files\Dell\Media Experience\DMXLauncher.exe
MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\McUpdate.exe
MSConfigStartUp-mmtask - c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe
MSConfigStartUp-MMTray - c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
MSConfigStartUp-Monitor calibration - c:\documents and settings\All Users\Application Data\AV1\AV1i.exe
MSConfigStartUp-prunnet - c:\docume~1\SEBAST~1\LOCALS~1\Temp\prun.exe
MSConfigStartUp-SysMetrix - c:\ponky\progs\SysMetrix\SysMetrix.exe
MSConfigStartUp-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - c:\progra~1\mcafee.com\vso\mcmnhdlr.exe
AddRemove-ASUS Probe V2.25.02 - c:\program files\ASUS\Asus Probe\DeIsL1.isu
AddRemove-HijackThis - d:\utilities\hijackthis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-09 15:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-659635599-2904141828-3585602950-1006\Software\Creative Tech\Component Installed\{B17F00C9-19EC-43A2-BD81-44D8E5D4D994}\Object\{00000000-0000-0000-0000-000000000000}\User Settings\x**0 ]
"AlwaysCovertFormat"=dword:00000000
"Format"=dword:00000000
"Format_Channel"=dword:00000002
"Format_Value"=dword:00000000
"Format_Quality"=dword:0001f400
"Encoding Language"=dword:00000000

[HKEY_USERS\S-1-5-21-659635599-2904141828-3585602950-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(164)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SoftwareDistribution\Download\abce9aad3dbe2b7775faf585c070cc03\update\update.exe
.
**************************************************************************
.
Completion time: 2010-02-09 15:34:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-09 21:34

Pre-Run: 13,363,986,432 bytes free
Post-Run: 13,345,714,176 bytes free

- - End Of File - - 75486C1A5370A0BD5A25A34516718961


Re: False Windows Security Center Virus

Post by Dr Jay on Tue Feb 09, 2010 11:23 pm

Please download RootRepeal from [You must be registered and logged in to see this link.].

  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report.
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Please remove any e-mail address in the RootRepeal report (if present).


Dr. Jay (DJ)

