W32.desktophijack

Post by rymalibouk on 17th August 2011, 9:01 pm

Hello, I am helping a buddy with his PC. He is computer illiterate and I told him that I could fix it. I am in a slump right now and could use some assistance. I followed everything that you want and will post the results.

The virus seems to be W32.desktophijack. Any time I do anything with any program, his expired Norton pops up saying C:\WINDOWS\system32\wininet.dll is infected, or something along those lines.

OTL logfile created on: 8/17/2011 5:14:39 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Jason\Desktop\Cade
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

255.49 Mb Total Physical Memory | 75.30 Mb Available Physical Memory | 29.47% Memory free
618.71 Mb Paging File | 436.42 Mb Available in Paging File | 70.54% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.54 Gb Total Space | 2.25 Gb Free Space | 23.55% Space Free | Partition Type: FAT32
Drive D: | 10.01 Gb Total Space | 10.01 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive E: | 18.60 Gb Total Space | 17.74 Gb Free Space | 95.40% Space Free | Partition Type: FAT32
Drive F: | 243.73 Mb Total Space | 215.00 Mb Free Space | 88.22% Space Free | Partition Type: FAT

Computer Name: JASON | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/17 16:28:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\Cade\OTL.com
PRC - [2005/08/16 09:17:38 | 000,822,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2005/07/22 21:15:24 | 000,352,256 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgcc.exe
PRC - [2005/07/22 21:15:24 | 000,273,920 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe
PRC - [2005/07/22 21:15:24 | 000,084,480 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
PRC - [2005/07/22 21:15:22 | 000,330,240 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
PRC - [2005/04/05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2005/03/23 15:34:52 | 000,165,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/03/23 15:34:36 | 000,198,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/03/23 15:34:32 | 000,058,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/01/10 08:20:42 | 000,046,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
PRC - [2005/01/10 08:20:22 | 000,177,264 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\navapsvc.exe
PRC - [2004/08/04 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/07/25 14:49:02 | 001,847,296 | ---- | M] (BellSouth) -- C:\Program Files\Support.com\bin\tgcmd.exe
PRC - [2004/07/21 11:24:04 | 000,173,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2004/03/24 12:46:58 | 000,233,472 | R--- | M] (Netopia, Inc.) -- C:\Program Files\Netopia\C3kWepN.exe
PRC - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (No Company Name) ==========

MOD - [2005/07/22 21:15:24 | 000,497,152 | ---- | M] () -- C:\Program Files\Grisoft\AVG Free\avgres.dll
MOD - [2005/07/22 21:15:24 | 000,338,432 | ---- | M] () -- C:\Program Files\Grisoft\AVG Free\avgset.dll
MOD - [2005/07/22 21:15:24 | 000,014,336 | ---- | M] () -- C:\Program Files\Grisoft\AVG Free\avgf.dll
MOD - [2005/05/02 15:52:36 | 000,657,920 | ---- | M] () -- C:\WINDOWS\SYSTEM32\wininet.dll
MOD - [2004/07/25 14:48:10 | 000,094,208 | ---- | M] () -- C:\Program Files\Support.com\bin\sdcdetect.dll
MOD - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
MOD - [2002/07/02 15:32:00 | 000,184,431 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\TimerManager.dll
MOD - [2002/07/02 15:22:34 | 000,122,993 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\AppProperties.dll
MOD - [2002/07/02 15:10:42 | 000,110,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComBase.dll
MOD - [2002/06/04 20:33:54 | 000,106,601 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.dll
MOD - [2002/06/04 18:48:26 | 000,143,489 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll
MOD - [2002/06/04 18:48:10 | 000,163,951 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComRT.dll
MOD - [2001/09/26 03:23:08 | 000,196,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJIntlCore_1_1_DDR.dll
MOD - [2001/09/23 15:41:10 | 000,524,377 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\stlport_4_0_0_DDR.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2005/08/16 09:17:38 | 000,822,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/07/22 21:15:24 | 000,084,480 | ---- | M] (GRISOFT, s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -- (Avg7UpdSvc)
SRV - [2005/07/22 21:15:22 | 000,330,240 | ---- | M] (GRISOFT, s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -- (Avg7Alrt)
SRV - [2005/04/05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/23 15:34:52 | 000,165,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/03/23 15:34:48 | 000,079,472 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/03/23 15:34:36 | 000,198,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/03/07 14:59:36 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2005/01/10 12:20:50 | 000,067,184 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)
SRV - [2005/01/10 08:20:42 | 000,046,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe -- (NPFMntor)
SRV - [2005/01/10 08:20:22 | 000,177,264 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2004/07/21 11:24:04 | 000,173,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008/10/21 10:16:58 | 000,465,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys -- (RT73)
DRV - [2005/08/16 09:17:38 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2005/08/09 20:07:48 | 000,188,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20050809.020\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2005/07/28 14:52:18 | 000,123,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/07/22 21:15:28 | 000,021,120 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP)
DRV - [2005/07/22 21:15:28 | 000,004,704 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdi.sys -- (AvgTdi)
DRV - [2005/07/22 21:15:26 | 000,668,704 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core)
DRV - [2005/07/22 21:15:26 | 000,004,320 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW)
DRV - [2005/07/13 04:00:00 | 000,632,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050815.041\NAVEX15.SYS -- (NAVEX15)
DRV - [2005/07/13 04:00:00 | 000,073,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050815.041\NAVENG.SYS -- (NAVENG)
DRV - [2005/04/05 11:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 11:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/05 11:16:58 | 000,036,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/04/05 11:16:56 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/04/05 11:16:54 | 000,173,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/04/05 11:16:52 | 000,011,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2005/03/07 14:59:50 | 000,050,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/03/07 14:59:44 | 000,338,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2004/07/21 11:24:04 | 000,341,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2003/12/17 16:58:08 | 000,082,888 | ---- | M] (SAMSUNG Electro-Mechanics Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\swld23u.sys -- (SWLD23U)
DRV - [2003/09/17 06:23:58 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\pcandis5.sys -- (PCANDIS5)
DRV - [2003/05/02 17:26:18 | 000,053,690 | ---- | M] (Samsung Electro-Mechanics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\swlubtl.sys -- (swlubtl)
DRV - [2001/08/23 15:00:00 | 000,022,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (VideoCCodec Class) - {58DBCE03-FFC3-4452-AB1D-C19EE9825A50} - C:\WINDOWS\videoc.dll ()
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [AVG7_CC] C:\Program Files\Grisoft\AVG Free\avgcc.exe (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [AVG7_EMC] C:\Program Files\Grisoft\AVG Free\avgemc.exe (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [C2kWep] C:\Program Files\Netopia\C3kWepN.exe (Netopia, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\systray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [tgcmd] C:\Program Files\Support.com\BellSouth\hcenter.exe (BellSouth)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\WINDOWS\WEB\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/12 19:13:04 | 000,000,092 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - IEJAVA
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 7.0.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {280ad020-daec-11d2-83c7-0000f8051539} - Mobile processor update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 7.0.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {34718640-ecfa-11d2-b5da-00a0c90833e8} - Windows 98 Second Edition
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015D} - DirectX Layer
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {47f67d00-9e55-11d1-baef-00c04fc2d130} - AOL Support Files
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {50daafc0-e217-11d2-83c7-0000f8051539} - Continuous windows operation fix
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {76C19B50-F0C8-11cf-87CC-0020AFEECF20} - Language Auto-Selection
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {893c7200-9dd-11d2-b0d6-00c04f777f0c} - Microsoft Libraries update
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9a2e4ab0-9a7e-11d2-9da1-00c04f98bbc9} - Windows Media Player Codecs
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {b59c7da0-daea-11d2-83c7-0000f8051539} - Registration wizard update
ActiveX: {B9A1063C-F9CC-11D1-8E01-0020AFE53FCF} - Active accessibility update
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CA0A4247-44BE-11d1-A005-00805F8ABE06} - RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5925FA0-73D1-11D2-BCC5-0000F83002C6} - Windows 98 Year 2000 Update
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: MmoptPreferredAudioDevices - Windows Setup - Multimedia

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\LHACM.ACM (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VDOM - vdowave.drv File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/17 17:10:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Desktop\Cade
[2011/08/17 16:57:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jason\Recent
[2011/08/17 16:56:05 | 000,000,000 | -HSD | C] -- C:\Recycled
[2011/08/17 16:55:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/08/17 16:04:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\Malwarebytes
[2011/08/17 16:04:43 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/17 16:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/17 16:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/17 16:04:36 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/17 16:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/17 16:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/17 16:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Start Menu\Programs\HiJackThis
[2011/08/17 15:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/17 14:55:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/08/17 14:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2011/08/17 14:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2011/08/17 14:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2011/08/17 14:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2011/08/17 14:26:17 | 000,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2011/08/17 14:26:16 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2011/08/17 14:21:43 | 000,465,152 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\rt73.sys
[2011/08/17 14:21:43 | 000,465,152 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt73.sys
[2011/08/17 14:21:42 | 000,017,992 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\bcm42rly.sys
[2011/08/17 14:21:42 | 000,017,992 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\bcm42rly.sys
[2011/08/17 14:21:42 | 000,017,992 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\bcm42rly.sys
[2011/08/17 14:21:42 | 000,015,872 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.sys
[2011/08/17 14:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Compact Wireless-G USB Adapter
[2011/08/17 14:21:41 | 000,032,768 | ---- | C] (Gemtek) -- C:\WINDOWS\System32\GTGina.dll
[2011/08/17 14:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2011/08/17 14:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\InstallShield
[2011/08/17 14:20:04 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2011/08/17 14:17:13 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2011/08/17 14:17:07 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2011/08/17 14:14:43 | 000,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2004/11/08 22:24:35 | 000,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/17 17:06:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/17 17:06:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/17 17:06:02 | 267,968,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/17 14:25:04 | 000,305,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/17 14:25:04 | 000,037,760 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/17 14:21:36 | 000,000,962 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/17 14:21:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2011/08/17 14:21:41 | 000,031,930 | ---- | C] () -- C:\WINDOWS\System32\GTNDIS3.VXD
[2011/08/17 14:21:35 | 000,000,962 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2005/08/10 16:21:18 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\intell32.exe
[2005/08/10 16:21:16 | 000,011,736 | ---- | C] () -- C:\WINDOWS\videoc.dat
[2005/08/10 16:21:15 | 000,026,400 | ---- | C] () -- C:\WINDOWS\videoc.dll
[2005/07/21 23:45:17 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2005/07/21 23:44:38 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2005/07/21 23:44:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2005/07/21 22:46:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/07/21 22:39:24 | 000,012,327 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2005/07/21 22:39:24 | 000,003,566 | ---- | C] () -- C:\WINDOWS\APLCSS02.INI
[2005/07/21 22:39:24 | 000,001,657 | ---- | C] () -- C:\WINDOWS\APLDJC02.INI
[2005/07/21 22:39:24 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2005/07/21 22:39:24 | 000,000,300 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/07/21 22:39:24 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2005/07/21 22:39:24 | 000,000,193 | ---- | C] () -- C:\WINDOWS\hpc.ini
[2005/07/21 22:39:24 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/07/21 22:39:24 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2005/07/21 22:39:24 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2005/07/21 22:39:24 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/07/21 22:39:24 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2005/07/21 22:39:24 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2005/07/21 22:39:24 | 000,000,022 | ---- | C] () -- C:\WINDOWS\SHAREMEM.INI
[2005/07/21 22:39:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2005/07/21 22:39:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSINFO32.INI
[2005/07/21 22:39:23 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2005/07/21 22:39:23 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2005/07/21 22:39:23 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2005/07/21 22:39:23 | 000,000,909 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/21 22:39:23 | 000,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2005/07/21 22:39:23 | 000,000,172 | ---- | C] () -- C:\WINDOWS\winmine.ini
[2005/07/21 22:36:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/07/21 22:29:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/07/21 22:28:08 | 000,212,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/07/21 22:16:49 | 000,657,920 | ---- | C] () -- C:\WINDOWS\System32\wininet.dll
[2005/07/21 22:16:16 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005/07/21 22:16:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/07/21 22:16:07 | 000,305,318 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/07/21 22:16:07 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/07/21 22:16:07 | 000,037,760 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/07/21 22:16:07 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/07/21 22:16:04 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/07/21 22:15:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/07/21 22:15:53 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/07/21 22:15:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/07/21 22:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/07/21 22:15:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2005/07/21 22:15:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/07/21 22:14:54 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2005/04/05 00:54:17 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\Apollouninst.exe
[2005/04/04 20:12:35 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\Hpfmicm.exe
[2005/04/04 20:12:35 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\Hpfaicm.exe
[2004/11/08 22:24:35 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2004/03/16 22:42:49 | 000,000,746 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/03/13 16:06:13 | 000,016,384 | ---- | C] () -- C:\WINDOWS\MSIMGSIZ.DAT
[2004/03/12 19:35:48 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2004/03/12 19:16:45 | 000,008,766 | ---- | C] () -- C:\WINDOWS\hh.dat
[2004/03/12 19:06:48 | 000,200,704 | ---- | C] () -- C:\WINDOWS\VIA4in1.exe
[2004/03/12 19:05:47 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\W9XSETUP.DLL
[2004/03/12 18:58:43 | 000,188,448 | RH-- | C] () -- C:\WINDOWS\HWINFO.DAT
[2004/03/12 18:58:01 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[2001/08/23 15:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2000/04/12 20:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1999/11/05 09:26:10 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\icmfilter.dll
[1997/09/30 19:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[1980/01/01 00:00:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[1980/01/01 00:00:00 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[1980/01/01 00:00:00 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2004/03/12 18:44:44 | 000,000,000 | R--D | M] -- C:\Program Files\Common Files
[2004/06/24 17:21:16 | 000,000,000 | ---D | M] -- C:\Program Files\EACOM
[2004/03/12 18:44:44 | 000,000,000 | ---D | M] -- C:\Program Files\CHAT
[2004/03/12 18:44:44 | 000,000,000 | ---D | M] -- C:\Program Files\PLUS!
[2004/03/12 18:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2004/03/12 18:44:44 | 000,000,000 | R--D | M] -- C:\Program Files\Accessories
[2004/03/12 18:44:44 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2004/03/12 18:44:44 | 000,000,000 | R--D | M] -- C:\Program Files\NetMeeting
[2004/03/12 18:44:44 | 000,000,000 | R--D | M] -- C:\Program Files\Outlook Express
[2004/03/12 18:44:44 | 000,000,000 | R--D | M] -- C:\Program Files\Windows Media Player
[2004/03/12 18:57:34 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2004/03/12 18:58:48 | 000,000,000 | ---D | M] -- C:\Program Files\DirectX
[2004/03/12 19:07:16 | 000,000,000 | ---D | M] -- C:\Program Files\VIA Technologies, Inc
[2004/03/12 19:27:36 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2004/03/12 19:35:48 | 000,000,000 | ---D | M] -- C:\Program Files\Illustrate
[2004/03/15 14:05:28 | 000,000,000 | ---D | M] -- C:\Program Files\Elaborate Bytes
[2004/03/12 19:44:52 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2004/03/12 19:59:08 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2004/03/13 11:03:52 | 000,000,000 | ---D | M] -- C:\Program Files\Hemera
[2004/03/15 23:09:42 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2004/03/16 16:21:34 | 000,000,000 | ---D | M] -- C:\Program Files\Globetrotter 2
[2004/03/17 17:29:48 | 000,000,000 | ---D | M] -- C:\Program Files\EA SPORTS
[2004/04/02 19:03:50 | 000,000,000 | ---D | M] -- C:\Program Files\Web Publish
[2004/04/02 19:01:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2004/08/17 17:52:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2004/08/17 17:55:28 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
[2005/04/04 20:12:36 | 000,000,000 | ---D | M] -- C:\Program Files\APOLLO P-2000U Series
[2005/07/21 22:34:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/07/21 22:34:48 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2005/07/21 22:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2005/07/21 22:35:48 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2005/07/21 22:36:22 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2005/07/21 22:36:58 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2005/07/21 22:41:38 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2005/07/21 22:41:38 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2005/07/21 23:45:38 | 000,000,000 | ---D | M] -- C:\Program Files\BroadJump
[2005/07/21 23:56:28 | 000,000,000 | ---D | M] -- C:\Program Files\BellSouth
[2005/07/21 23:59:18 | 000,000,000 | ---D | M] -- C:\Program Files\Netopia
[2005/07/22 00:02:26 | 000,000,000 | ---D | M] -- C:\Program Files\Support.com
[2005/07/22 21:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2005/07/22 21:21:34 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2005/07/22 22:25:48 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2005/08/16 09:16:48 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2005/08/16 09:17:30 | 000,000,000 | ---D | M] -- C:\Program Files\Norton AntiVirus
[2011/08/17 15:57:34 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2005/08/16 09:31:22 | 000,000,000 | ---D | M] -- C:\Program Files\SymNetDrv
[2011/08/17 14:21:40 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2011/08/17 14:37:46 | 000,000,000 | ---D | M] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2011/08/17 14:37:48 | 000,000,000 | ---D | M] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2011/08/17 14:37:48 | 000,000,000 | ---D | M] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2011/08/17 14:37:48 | 000,000,000 | ---D | M] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2011/08/17 16:03:06 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2011/08/17 16:04:38 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware


< MD5 for: AGP440.SYS >
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/04 12:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\SYSTEM32\DRIVERS\disk.sys

< MD5 for: NETLOGON.DLL >
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SYSTEM32\dllcache\netlogon.dll
[2004/08/04 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SYSTEM32\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004/08/04 12:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004/08/04 12:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004/08/04 12:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2004/08/04 12:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004/08/04 12:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004/08/04 12:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004/08/04 12:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2004/08/04 12:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

< End of report >

rymalibouk
Novice
Posts: 38
Joined: 2010-02-19
Gender: Male
OS: Windows Vista 64
Points: 25294
Likes: 0

Re: W32.desktophijack

Post by rymalibouk on 17th August 2011, 9:01 pm

OTL Extras logfile created on: 8/17/2011 5:14:39 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Jason\Desktop\Cade
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

255.49 Mb Total Physical Memory | 75.30 Mb Available Physical Memory | 29.47% Memory free
618.71 Mb Paging File | 436.42 Mb Available in Paging File | 70.54% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.54 Gb Total Space | 2.25 Gb Free Space | 23.55% Space Free | Partition Type: FAT32
Drive D: | 10.01 Gb Total Space | 10.01 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive E: | 18.60 Gb Total Space | 17.74 Gb Free Space | 95.40% Space Free | Partition Type: FAT32
Drive F: | 243.73 Mb Total Space | 215.00 Mb Free Space | 88.22% Space Free | Partition Type: FAT

Computer Name: JASON | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Support.com\bin\tgcmd.exe" = C:\Program Files\Support.com\bin\tgcmd.exe:*:Enabled:BellSouth Bulletin and Job processor -- (BellSouth)
"C:\Program Files\Grisoft\AVG Free\avginet.exe" = C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG Free\avgemc.exe" = C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe -- (GRISOFT, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{13F069A5-B956-414C-878D-5B036ABC4016}" = Hemera Photo-Objects 3,000 Special Edition
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec
"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{327719E5-B166-413C-996A-65327D5B9090}" = Serif DrawPlus 7.0 Design CD
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4B24B3C1-1F8E-4974-BA58-39F951BDFA50}" = Serif PagePlus 8.0 Design CD-ROM
"{5450C19C-CA94-4a11-8984-46C2608EC73C}" = VideoC codec and search tool
"{6C677A88-ACCE-41F6-ADFA-E48C30718CEB}" = Tiger Woods PGA TOUR 2002
"{7399656A-A683-41F9-8B81-B49A5138B76C}" = Serif PhotoPlus 9.0
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{924D8117-FCB5-4CCA-914E-2661B448EC96}" = Serif DrawPlus 7.0
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero Express
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B77E6613-61BE-4468-9FEC-53B498607105}" = Serif MediaPlus 1.0
"{BDC83FD3-1A0F-46FB-8852-5E9A94294143}" = Serif PagePlus 8.0
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{D04D92A8-10E0-4CF3-A8A5-F1F29B38E465}" = Serif PhotoPlus 9.0 Resource CD-ROM
"{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}" = Norton AntiVirus SYMLT MSI
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
"{D7FB76C8-3A76-49A1-B1A4-C686E4B067B9}" = BellSouth Wireless LAN USB Adapter
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"{F8650CB3-89F1-4AE0-81AC-917423C58DB8}" = Serif PhotoPlus Association File Formats
"{FDF3A1E0-186A-11D5-0089-C400C04FAE70}" = NHL 2002
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"APOLLO P-2000U Series" = APOLLO P-2000U Series
"AVG7Uninstall" = AVG Free Edition
"BellSouth" = BellSouth FastAccess DSL Help Center
"BroadJump Client Foundation" = BroadJump Client Foundation
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"GameSpy Arcade" = GameSpy Arcade
"Globetrotter 2" = Globetrotter 2
"InstallShield_{13F069A5-B956-414C-878D-5B036ABC4016}" = Hemera Photo-Objects 3,000 Special Edition
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"QuickTime" = QuickTime
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005 (Symantec Corporation)
"Windows" = Windows XP Uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/27/2005 9:13:20 PM | Computer Name = JASON | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 9.0.0.3822, faulting module
mso9.dll, version 9.0.0.3821, fault address 0x0006b98a.

Error - 8/17/2011 3:51:34 PM | Computer Name = JASON | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - Data error (cyclic redundancy
check). for C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\\UsrClass.dat

Error - 8/17/2011 3:51:35 PM | Computer Name = JASON | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Data error
(cyclic redundancy check).

Error - 8/17/2011 3:52:33 PM | Computer Name = JASON | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - Data error (cyclic redundancy
check). for C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\\UsrClass.dat

Error - 8/17/2011 3:52:33 PM | Computer Name = JASON | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Data error
(cyclic redundancy check).

[ System Events ]
Error - 8/17/2011 4:52:52 PM | Computer Name = JASON | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/17/2011 4:52:52 PM | Computer Name = JASON | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/17/2011 4:52:52 PM | Computer Name = JASON | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/17/2011 4:52:52 PM | Computer Name = JASON | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/17/2011 4:52:52 PM | Computer Name = JASON | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/17/2011 4:52:52 PM | Computer Name = JASON | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/17/2011 4:52:52 PM | Computer Name = JASON | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/17/2011 4:52:52 PM | Computer Name = JASON | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/17/2011 4:52:52 PM | Computer Name = JASON | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/17/2011 4:52:52 PM | Computer Name = JASON | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >


Re: W32.desktophijack

Post by rymalibouk on 17th August 2011, 9:02 pm

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-17 17:27:32
-----------------------------
17:27:32.921 OS Version: Windows 5.1.2600 Service Pack 2
17:27:32.921 Number of processors: 1 586 0x801
17:27:32.953 ComputerName: JASON UserName: Jason
17:27:33.578 Initialize success
17:28:18.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:28:18.203 Disk 0 Vendor: Maxtor_34098H4 YAH814Y0 Size: 39083MB BusType: 3
17:28:20.234 Disk 0 MBR read successfully
17:28:20.234 Disk 0 MBR scan
17:28:20.234 Disk 0 unknown MBR code
17:28:20.250 Disk 0 scanning sectors +80051895
17:28:20.375 Disk 0 scanning C:\WINDOWS\system32\drivers
17:28:23.984 Service scanning
17:28:25.500 Modules scanning
17:28:49.812 Disk 0 trace - called modules:
17:28:49.828 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
17:28:49.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81bd49c0]
17:28:49.828 3 CLASSPNP.SYS[f9a8305b] -> nt!IofCallDriver -> \Device\00000066[0x81bcef18]
17:28:49.828 5 ACPI.sys[f99e9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81bd07f8]
17:28:50.328 Scan finished successfully
17:29:04.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jason\Desktop\Cade\MBR.dat"
17:29:04.671 The log file has been saved successfully to "C:\Documents and Settings\Jason\Desktop\Cade\aswMBR.txt"




Re: W32.desktophijack

Post by rymalibouk on 17th August 2011, 9:02 pm

Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 2
[You must be registered and logged in to see this link.]
Internet Explorer 5 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG Free Edition
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus 2005
Norton AntiVirus SYMLT MSI
Norton AntiVirus Parent MSI
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVG avgemc.exe
Norton AntiVirus navapsvc.exe
Norton AntiVirus IWP NPFMntor.exe
``````````End of Log````````````


Re: W32.desktophijack

Post by rymalibouk on 17th August 2011, 9:05 pm

I am going to have to find a different friend with a PS/2 keyboard that I can borrow. This computer has 2 USB slots and I need them for the mouse, keyboard and USB wireless adapter.

I tried to update some programs, but at first the PC kept freezing in the middle of everything. I think that has gone away, and I can do it now. I will wait for instructions before I do anything so that nothing has changed.

Anyway, thanks!


Re: W32.desktophijack

Post by Sneakyone on 17th August 2011, 10:07 pm

Hi,

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master
Posts: 2707
Joined: 2010-01-10
Gender: Male
OS: Windows 7 Ultimate 64-bit
Protection: Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points: 56134
Likes: 0
