possible Malware/virus

Post by luvantigua on 25th August 2011, 4:50 am

I cannot shut down or restart the computer. I'm also unable to use Internet Explorer in safe mode. The virus will not allow me to update Malwarebytes. Thanks in advance. (4 posts)

OTL Extras logfile created on: 8/25/2011 12:24:55 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Wayne\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 485.87 Mb Available Physical Memory | 47.50% Memory free
2.41 Gb Paging File | 1.63 Gb Available in Paging File | 67.66% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.49 Gb Total Space | 121.74 Gb Free Space | 83.67% Space Free | Partition Type: NTFS

Computer Name: ROSE | User Name: Wayne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 1
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9789:TCP" = 9789:TCP:*:Enabled:BitComet 9789 TCP
"9789:UDP" = 9789:UDP:*:Enabled:BitComet 9789 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\utorrent\utorrent.exe" = C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\BitTorrent_DNA\dna.exe" = C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:DNA
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE}" = QuickTime
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4B5AD48-8D34-41D3-BD8A-8A10BD9BDED3}_is1" = Spy Sweeper
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7E5DBE0-B15B-4AEC-8E3B-700A91A5173C}" = PHStat2
"{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"BitLord" = BitLord 1.1
"CCleaner" = CCleaner (remove only)
"CleanUp!" = CleanUp!
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVD Shrink_is1" = DVD Shrink 3.2
"ewidoantispyware4" = ewido anti-spyware 4.0
"F5 Networks Client Components" = BIG-IP Edge Client Components (All Users)
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"InstallShield_{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"InstallShield_{B7E5DBE0-B15B-4AEC-8E3B-700A91A5173C}" = PHStat2
"InstallShield_{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"Lexmark 5200 Series" = Lexmark 5200 Series
"Lexmark X74-X75" = Lexmark X74-X75
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MinitabDeinstKeySV" = Minitab Student Release 12
"MSC" = McAfee SecurityCenter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"QM for Windows (Version 2)" = QM for Windows (Version 2)
"RealPlayer 6.0" = RealPlayer
"SpywareBlaster_is1" = SpywareBlaster v3.5.1
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Vodei Multimedia Processor" = Vodei Multimedia Processor 2.00
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/24/2011 4:25:15 PM | Computer Name = ROSE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Standard -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Standard. The Windows installer
cannot continue.

Error - 8/24/2011 6:59:03 PM | Computer Name = ROSE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2260 (0x8d4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.835
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\WINDOWS\SYSTEM32\occache.dll

by C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 8/24/2011 7:02:51 PM | Computer Name = ROSE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 5464 (0x1558) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.835
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\McAfee\VirusScan\McVsMap.exe

by C:\WINDOWS\system32\svchost.exe 4(109)(0) 4(109)(0) 7200(47)(0) 7595(47)(0)
7005(31)(0) 7004(31)(0) 5006(31)(0) 5004(31)(0)

Error - 8/24/2011 7:06:32 PM | Computer Name = ROSE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 4928 (0x1340) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.835
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\McAfee\VirusScan\McVsMap.exe

by C:\WINDOWS\system32\svchost.exe 4(15)(0) 4(15)(0) 7200(15)(0) 7595(15)(0) 7005(15)(0)

7004(15)(0) 5006(15)(0) 5004(15)(0)

Error - 8/24/2011 7:10:12 PM | Computer Name = ROSE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3412 (0xd54) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.835
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\McAfee\VirusScan\McVsMap.exe

by C:\WINDOWS\system32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 8/24/2011 7:13:53 PM | Computer Name = ROSE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2316 (0x90c) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.835
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\McAfee\VirusScan\McVsMap.exe

by C:\WINDOWS\system32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 8/24/2011 7:17:34 PM | Computer Name = ROSE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 1632 (0x660) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.835
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\McAfee\VirusScan\McVsMap.exe

by C:\WINDOWS\system32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 8/24/2011 11:06:18 PM | Computer Name = ROSE | Source = Application Hang | ID = 1002
Description = Hanging application qttask.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/24/2011 11:06:18 PM | Computer Name = ROSE | Source = Application Hang | ID = 1002
Description = Hanging application qttask.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/24/2011 11:06:19 PM | Computer Name = ROSE | Source = SpySweeper.exe | ID = 0
Description =

[ System Events ]
Error - 8/24/2011 7:15:53 PM | Computer Name = ROSE | Source = DCOM | ID = 10010
Description = The server {44603E4D-56AE-4C42-ABE4-EC155FE8F1CD} did not register
with DCOM within the required timeout.

Error - 8/24/2011 7:19:34 PM | Computer Name = ROSE | Source = DCOM | ID = 10010
Description = The server {44603E4D-56AE-4C42-ABE4-EC155FE8F1CD} did not register
with DCOM within the required timeout.

Error - 8/24/2011 7:21:44 PM | Computer Name = ROSE | Source = DCOM | ID = 10010
Description = The server {44603E4D-56AE-4C42-ABE4-EC155FE8F1CD} did not register
with DCOM within the required timeout.

Error - 8/24/2011 7:23:54 PM | Computer Name = ROSE | Source = DCOM | ID = 10010
Description = The server {44603E4D-56AE-4C42-ABE4-EC155FE8F1CD} did not register
with DCOM within the required timeout.

Error - 8/24/2011 7:26:04 PM | Computer Name = ROSE | Source = DCOM | ID = 10010
Description = The server {44603E4D-56AE-4C42-ABE4-EC155FE8F1CD} did not register
with DCOM within the required timeout.

Error - 8/24/2011 7:28:15 PM | Computer Name = ROSE | Source = DCOM | ID = 10010
Description = The server {44603E4D-56AE-4C42-ABE4-EC155FE8F1CD} did not register
with DCOM within the required timeout.

Error - 8/24/2011 11:05:22 PM | Computer Name = ROSE | Source = Dhcp | ID = 1002
Description = The IP address lease 68.10.252.72 for the Network Card with network
address 0015A30CC0F9 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 8/24/2011 11:05:43 PM | Computer Name = ROSE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.2 on
the Network Card with network address 0015A30CC0F9.

Error - 8/24/2011 11:05:51 PM | Computer Name = ROSE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate Notice Service
service to connect.

Error - 8/24/2011 11:51:00 PM | Computer Name = ROSE | Source = Schedule | ID = 7901
Description = The At24.job command failed to start due to the following error: %%2147942402


< End of report >


Re: possible Malware/virus

Post by luvantigua on 25th August 2011, 4:51 am

OTL logfile created on: 8/25/2011 12:24:55 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Wayne\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 485.87 Mb Available Physical Memory | 47.50% Memory free
2.41 Gb Paging File | 1.63 Gb Available in Paging File | 67.66% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.49 Gb Total Space | 121.74 Gb Free Space | 83.67% Space Free | Partition Type: NTFS

Computer Name: ROSE | User Name: Wayne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/24 23:25:53 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Wayne\Desktop\aswMBR.exe
PRC - [2011/08/24 23:17:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.com
PRC - [2011/08/21 23:46:34 | 000,039,432 | ---- | M] () -- C:\Program Files\QuickTime\qttask .exe
PRC - [2011/08/21 22:45:35 | 000,039,432 | ---- | M] () -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2011/08/21 22:16:40 | 000,039,428 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2011/08/21 22:16:39 | 000,039,428 | ---- | M] () -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2011/08/21 22:16:39 | 000,039,428 | ---- | M] () -- C:\Program Files\Lexmark 5200 Series\lxbtbmgr.exe
PRC - [2011/08/21 22:16:39 | 000,039,428 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\fm3032.exe
PRC - [2011/08/21 22:16:38 | 000,039,428 | ---- | M] () -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
PRC - [2011/08/21 22:16:38 | 000,039,428 | ---- | M] () -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2011/08/21 22:16:38 | 000,039,428 | ---- | M] () -- C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
PRC - [2011/08/21 22:16:36 | 000,039,428 | ---- | M] () -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
PRC - [2011/06/28 07:01:30 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 000,822,560 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcupdate.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/10 16:10:40 | 000,439,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe
PRC - [2010/03/10 15:41:24 | 000,180,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSM\McSmtFwk.exe
PRC - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/29 18:37:18 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt .exe
PRC - [2007/03/01 20:55:50 | 003,379,264 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2007/03/01 20:55:46 | 000,168,512 | ---- | M] () -- C:\Program Files\Webroot\Spy Sweeper\ssu.exe
PRC - [2007/03/01 20:55:36 | 004,865,600 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2006/06/16 10:38:44 | 000,172,032 | ---- | M] (Anti-Malware Development a.s.) -- C:\Program Files\ewido anti-spyware 4.0\guard.exe
PRC - [2006/05/15 19:24:33 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/05/06 19:46:35 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched .exe
PRC - [2006/01/17 14:03:06 | 000,135,168 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray .exe
PRC - [2006/01/17 14:03:06 | 000,053,248 | ---- | M] (Musicmatch Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask .exe
PRC - [2004/06/16 07:03:26 | 000,221,184 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
PRC - [2004/06/16 07:02:54 | 000,471,040 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2004/06/04 06:14:39 | 000,094,208 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 5200 Series\lxbtbmon.exe
PRC - [2004/06/04 05:58:22 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 5200 Series\lxbtbmgr .exe
PRC - [2004/04/11 21:15:14 | 000,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService .exe
PRC - [2004/04/11 12:43:44 | 000,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
PRC - [2004/03/23 16:07:18 | 000,294,912 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\fm3032 .exe
PRC - [2003/09/17 11:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol .exe
PRC - [2003/09/03 21:12:44 | 000,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
PRC - [2003/08/19 02:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
PRC - [2002/10/14 17:22:04 | 000,049,152 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
PRC - [2002/10/14 17:09:12 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X74-X75\lxbbbmgr .exe


========== Modules (No Company Name) ==========

MOD - [2011/08/21 23:46:34 | 000,039,432 | ---- | M] () -- C:\Program Files\QuickTime\qttask .exe
MOD - [2011/08/21 22:45:35 | 000,039,432 | ---- | M] () -- C:\Program Files\DellSupport\DSAgnt.exe
MOD - [2011/08/21 22:16:40 | 000,039,428 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
MOD - [2011/08/21 22:16:39 | 000,039,428 | ---- | M] () -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
MOD - [2011/08/21 22:16:39 | 000,039,428 | ---- | M] () -- C:\Program Files\Lexmark 5200 Series\lxbtbmgr.exe
MOD - [2011/08/21 22:16:39 | 000,039,428 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\fm3032.exe
MOD - [2011/08/21 22:16:38 | 000,039,428 | ---- | M] () -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
MOD - [2011/08/21 22:16:38 | 000,039,428 | ---- | M] () -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
MOD - [2011/08/21 22:16:38 | 000,039,428 | ---- | M] () -- C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
MOD - [2011/08/21 22:16:36 | 000,039,428 | ---- | M] () -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
MOD - [2009/02/13 12:44:56 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
MOD - [2009/02/13 12:44:52 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
MOD - [2009/02/13 12:44:52 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll
MOD - [2008/02/29 18:37:18 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
MOD - [2008/02/29 18:37:17 | 000,362,376 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
MOD - [2007/03/01 20:55:46 | 000,168,512 | ---- | M] () -- C:\Program Files\Webroot\Spy Sweeper\ssu.exe
MOD - [2007/03/01 20:55:06 | 000,250,944 | ---- | M] () -- C:\Program Files\Webroot\Spy Sweeper\wrid.dll
MOD - [2006/01/17 14:03:04 | 000,122,880 | ---- | M] () -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\TrackUtils.dll
MOD - [2006/01/17 14:03:00 | 000,438,272 | ---- | M] () -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\CoreDll.dll
MOD - [2004/06/10 12:51:00 | 000,060,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\P17.dll
MOD - [2004/04/11 20:57:44 | 000,040,960 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DirWatcher.dll
MOD - [2004/03/23 16:07:18 | 000,294,912 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\fm3032 .exe
MOD - [2004/03/23 16:02:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\SYSTEM32\LXPRMON.DLL
MOD - [2004/02/12 11:09:02 | 000,075,264 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\LXBTPP5C.DLL
MOD - [2003/06/12 02:09:00 | 000,156,160 | ---- | M] () -- C:\Program Files\Webroot\Spy Sweeper\ztvunrar3.dll
MOD - [2003/03/20 22:02:24 | 000,249,856 | R--- | M] () -- C:\Program Files\Lexmark Fax Solutions\dtidb.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/21 22:16:40 | 000,039,428 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\SYSTEM32\mfevtps.exe -- (mfevtp)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2008/02/29 18:37:18 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/03/07 16:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/03/01 20:55:50 | 003,379,264 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2006/06/16 10:38:44 | 000,172,032 | ---- | M] (Anti-Malware Development a.s.) [Auto | Running] -- C:\Program Files\ewido anti-spyware 4.0\guard.exe -- (ewido anti-spyware 4.0 guard)
SRV - [2006/05/15 19:24:33 | 002,086,592 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/05/15 19:24:33 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2004/02/20 15:10:08 | 000,421,888 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxbtcoms.exe -- (lxbt_device)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys -- (USB_RNDIS)
DRV - [2007/03/01 20:54:22 | 000,021,056 | ---- | M] (Webroot Software Inc ([You must be registered and logged in to see this link.] [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys -- (SSKBFD)
DRV - [2007/03/01 20:54:18 | 000,144,960 | ---- | M] (Webroot Software Inc ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2007/03/01 20:54:16 | 000,022,080 | ---- | M] (Webroot Software Inc ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2007/03/01 20:54:16 | 000,020,544 | ---- | M] (Webroot Software Inc ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0509.SYS -- (SSFS0509)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/06/16 10:38:54 | 000,003,968 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\ewido anti-spyware 4.0\guard.sys -- (ewido anti-spyware 4.0 driver)
DRV - [2006/04/23 16:08:42 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2004/06/15 23:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/06/09 13:16:00 | 000,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17)
DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/09/22 09:48:00 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 09:47:00 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/03/05 13:19:00 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Pfmodnt.sys -- (PfModNT)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Wayne\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/08/10 03:16:27 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/27 03:28:07 | 000,000,709 | RH-- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110523004000.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [Lexmark 5200 series] C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe ()
O4 - HKLM..\Run: [Lexmark X74-X75] C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe ()
O4 - HKLM..\Run: [LXBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe ()
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe ()
O4 - HKLM..\Run: [UpdReg] File not found
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [BitTorrent] File not found
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe ()
O4 - HKCU..\Run: [Security Protection] C:\Documents and Settings\All Users\Application Data\defender.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\NPJPI150_10.dll (Sun Microsystems, Inc.)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: Interealty.com ([]* is out of zone range - 6)
O15 - HKCU\..Trusted Domains: MLXchange.com ([]* is out of zone range - 6)
O15 - HKCU\..Trusted Domains: qvc.com/ess ([remote] https in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} [You must be registered and logged in to see this link.] (F5 Networks CacheCleaner)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} [You must be registered and logged in to see this link.] (Symantec Script Runner Class)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} [You must be registered and logged in to see this link.] (F5 Networks Auto Update)
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} [You must be registered and logged in to see this link.] (Interealty MultiSelect)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} [You must be registered and logged in to see this link.] (MLXchange Client Utils)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} [You must be registered and logged in to see this link.] (GeacRevw Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} [You must be registered and logged in to see this link.] (CoxFastConnect20 Control)
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C8385AB1-6491-11D2-A354-00805FCD4075} [You must be registered and logged in to see this link.] (Control Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} [You must be registered and logged in to see this link.] (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.)
O24 - Desktop Components:0 () - [You must be registered and logged in to see this link.]
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/08/24 23:25:59 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Wayne\Desktop\aswMBR.exe
[2011/08/24 23:17:07 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.com
[2011/08/24 23:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/08/22 01:52:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/08/22 01:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/08/21 23:27:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wayne\Recent
[2011/08/11 02:05:55 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/08/11 02:05:10 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/08/11 02:03:57 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/08/11 02:02:08 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/11 02:02:03 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/08/11 01:56:03 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/11 01:55:47 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/08/10 19:57:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/08/10 18:35:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/08/10 18:35:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/08/10 18:35:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/08/10 18:35:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/08/10 18:19:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/08/07 02:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Local Settings\Application Data\Identities
[2008/08/11 01:13:53 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Wayne\Application Data\pcouffin.sys
[1980/01/01 01:00:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Wayne\Desktop\*.tmp files -> C:\Documents and Settings\Wayne\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/24 23:59:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/24 23:51:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/08/24 23:30:25 | 000,879,225 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\SecurityCheck.exe
[2011/08/24 23:29:06 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\MBR.dat
[2011/08/24 23:25:53 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Wayne\Desktop\aswMBR.exe
[2011/08/24 23:17:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.com
[2011/08/24 23:09:28 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\YE46646.dat
[2011/08/24 23:07:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/08/24 23:05:48 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2011/08/24 23:05:23 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/24 23:05:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/08/24 23:05:19 | 1072,746,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/24 18:51:01 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/08/24 17:51:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/08/24 16:51:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/08/24 16:49:15 | 000,014,581 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\hijackthis log
[2011/08/22 01:51:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/08/22 01:22:25 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/08/21 22:51:29 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/08/21 22:45:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\defender.exe
[2011/08/21 22:18:02 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Security Protection.lnk
[2011/08/21 22:16:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/08/21 22:16:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/08/21 22:16:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/08/21 22:16:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/08/21 22:16:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/08/21 22:16:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/08/21 22:16:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/08/21 22:16:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/08/21 22:16:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/08/21 22:16:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/08/21 22:16:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/08/21 22:16:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/08/21 22:16:43 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/08/21 22:16:43 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/08/21 22:16:43 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/08/21 22:16:43 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/08/21 22:16:43 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/08/16 03:38:59 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/16 03:38:58 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Windows Media Player.lnk
[2011/08/12 03:14:53 | 000,342,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/11 01:43:36 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/08/11 01:43:36 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/08/10 19:59:37 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/08/10 18:26:04 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Wayne\Desktop\*.tmp files -> C:\Documents and Settings\Wayne\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\ETC\*.tmp files -> C:\WINDOWS\System32\drivers\ETC\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/24 23:30:19 | 000,879,225 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\SecurityCheck.exe
[2011/08/24 23:29:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\MBR.dat
[2011/08/24 16:49:15 | 000,014,581 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\hijackthis log
[2011/08/22 01:22:22 | 1072,746,496 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/21 22:19:38 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\YE46646.dat
[2011/08/21 22:18:01 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Security Protection.lnk
[2011/08/21 22:17:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\defender.exe
[2011/08/21 22:16:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2011/08/21 22:16:43 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/08/21 22:16:43 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2011/08/21 22:16:43 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/08/21 22:16:43 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2011/08/21 22:16:43 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/08/21 22:16:43 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2011/08/21 22:16:43 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/08/21 22:16:43 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2011/08/21 22:16:43 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/08/21 22:16:43 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2011/08/21 22:16:43 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/08/21 22:16:43 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2011/08/21 22:16:43 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/08/21 22:16:43 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2011/08/21 22:16:42 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/08/21 22:16:42 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2011/08/21 22:16:42 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/08/21 22:16:42 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2011/08/21 22:16:42 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/08/21 22:16:42 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/08/21 22:16:42 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/08/21 22:16:42 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/08/21 22:16:42 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/04/23 02:02:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\f5unistall.INI
[2010/12/11 04:52:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/19 16:10:07 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\housecall.guid.cache
[2010/04/28 04:32:26 | 000,007,636 | -HS- | C] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\1375676611
[2010/04/28 04:32:26 | 000,007,636 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1375676611
[2010/04/28 04:14:14 | 000,007,756 | -HS- | C] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\x2H3S
[2010/04/28 04:14:14 | 000,007,756 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x2H3S
[2010/03/18 03:14:22 | 000,014,736 | -HS- | C] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\6pnFj01o
[2010/03/18 03:14:22 | 000,014,736 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6pnFj01o
[2008/08/11 01:14:06 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2008/08/11 01:13:53 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\inst.exe
[2008/08/11 01:13:53 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\pcouffin.cat
[2008/08/11 01:13:53 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\pcouffin.inf
[2008/05/18 02:25:22 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/01/01 03:56:08 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/01 03:26:24 | 000,000,135 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/11/01 22:25:05 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/01 22:25:05 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/07 19:03:18 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\PFP120JPR.{PB
[2006/10/07 19:03:18 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\PFP120JCM.{PB
[2006/09/13 21:16:02 | 000,026,688 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
[2006/09/10 03:17:24 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\Sskuknwrd.dll
[2006/09/09 16:15:53 | 000,000,227 | ---- | C] () -- C:\WINDOWS\em06y.ini
[2006/09/09 16:15:43 | 000,000,903 | ---- | C] () -- C:\WINDOWS\System32\winpfg32.sys
[2006/08/25 18:04:55 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/08 01:02:57 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/01 18:10:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/06/01 18:07:44 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2006/06/01 18:06:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/05/06 16:53:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\dm.ini
[2006/04/23 15:15:01 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/23 15:15:01 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/04/21 20:51:08 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2006/04/21 20:51:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2006/04/21 20:46:42 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\lxbtcoin.dll
[2006/04/21 20:46:42 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lxbtsnls.dll
[2006/04/21 20:46:42 | 000,001,832 | R--- | C] () -- C:\WINDOWS\System32\lxbtprod.ini
[2006/04/21 20:46:34 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxbtih.exe
[2006/04/21 20:46:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbtvs.dll
[2006/04/21 20:46:29 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\lxbthwdf.dll
[2005/08/27 19:41:50 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\dwsvclnt.dll
[2005/07/17 14:38:32 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\missouri.dll
[2005/02/10 01:25:24 | 000,000,050 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/02/10 01:25:24 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/12/08 22:09:30 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/11/02 05:33:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MSWHEEL.DLL
[2004/10/31 21:59:02 | 000,000,270 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2004/10/31 21:50:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/23 20:21:18 | 000,000,718 | ---- | C] () -- C:\WINDOWS\MTB12ST.INI
[2004/10/16 12:21:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/16 12:18:12 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/10/16 12:14:42 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/10/16 12:14:39 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/10/16 12:12:46 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2004/10/16 12:12:46 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/10/16 12:12:36 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2004/10/16 12:12:36 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/10/16 12:12:30 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/10/16 12:03:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/10/16 12:03:24 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/10/16 12:03:24 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/10/16 11:50:00 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:08:08 | 000,342,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:02:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 11:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/10 11:08:26 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 06:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 06:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 06:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 06:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 06:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 17:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/03/26 17:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/10/14 17:39:18 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\lxbbcoin.ini
[2002/05/17 18:18:30 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[1980/01/01 01:00:00 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980/01/01 01:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/08/24 23:25:53 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Wayne\Desktop\aswMBR.exe
[2006/09/10 03:07:26 | 008,404,736 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\ewido-setup_4.0.0.172b.exe
[2006/09/10 03:01:54 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Wayne\Desktop\HijackThis.exe
[2006/02/08 04:02:44 | 000,073,728 | ---- | M] (Option^Explicit Software [You must be registered and logged in to see this link.]) -- C:\Documents and Settings\Wayne\Desktop\KillBox.exe
[2011/08/24 23:30:25 | 000,879,225 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\SecurityCheck.exe
[2 C:\Documents and Settings\Wayne\Desktop\*.tmp files -> C:\Documents and Settings\Wayne\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2006/04/21 20:50:16 | 000,000,000 | ---D | M] -- C:\Program Files\ABBYY FineReader 5.0 Sprint
[2006/05/06 16:56:54 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/10/21 19:32:01 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2007/04/08 02:19:25 | 000,000,000 | ---D | M] -- C:\Program Files\BitComet
[2007/05/23 23:41:58 | 000,000,000 | ---D | M] -- C:\Program Files\BitLord
[2007/05/18 20:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent
[2006/04/29 22:30:35 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2006/09/10 06:02:55 | 000,000,000 | ---D | M] -- C:\Program Files\CleanUp!
[2008/08/11 02:22:10 | 000,000,000 | ---D | M] -- C:\Program Files\CloneDVD
[2010/11/13 21:20:52 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/10/16 11:49:36 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2004/10/16 12:12:47 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2004/10/16 12:11:22 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2005/06/16 02:29:15 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2004/10/16 12:16:22 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Computer
[2011/08/21 22:45:35 | 000,000,000 | ---D | M] -- C:\Program Files\DellSupport
[2010/12/14 03:16:21 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2005/07/29 18:00:03 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Shrink
[2006/06/25 00:52:25 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2007/02/09 04:16:15 | 000,000,000 | ---D | M] -- C:\Program Files\ewido anti-spyware 4.0
[2010/11/13 20:54:49 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/08/27 18:45:49 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2004/10/16 12:11:42 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/08/11 02:34:44 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2006/10/25 20:43:57 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2006/05/06 19:39:43 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2011/08/21 22:16:40 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2004/10/16 12:16:35 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2006/12/27 22:05:39 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2006/09/11 03:07:39 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2004/10/16 12:15:46 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2011/08/21 22:16:39 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 5200 Series
[2011/08/21 22:16:39 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Fax Solutions
[2011/08/21 22:16:38 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark X74-X75
[2011/08/12 03:16:06 | 000,000,000 | ---D | M] -- C:\Program Files\Lx_cats
[2010/03/19 02:29:26 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/18 04:21:55 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2011/03/04 16:18:44 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2011/08/10 19:57:11 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2004/10/31 21:50:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/05/09 13:35:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/10/27 13:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2006/10/27 13:34:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/06/15 19:37:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2004/10/16 12:11:35 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2004/10/16 12:11:48 | 000,000,000 | ---D | M] -- C:\Program Files\Modem On Hold
[2011/08/11 02:41:08 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2004/10/16 11:49:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/10/16 11:49:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/10/16 02:41:04 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2004/11/02 05:21:13 | 000,000,000 | ---D | M] -- C:\Program Files\MTBWINST
[2004/10/16 12:17:59 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2006/08/25 17:58:41 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2011/08/10 18:29:48 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2004/10/16 11:49:36 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/08/11 02:33:58 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2004/10/23 20:23:56 | 000,000,000 | ---D | M] -- C:\Program Files\PHStat2
[2004/11/28 23:43:56 | 000,000,000 | ---D | M] -- C:\Program Files\QMwin32
[2011/08/21 23:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/05/06 19:46:57 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2006/04/29 22:28:38 | 000,000,000 | ---D | M] -- C:\Program Files\RegistryFix
[2008/08/11 02:23:39 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2006/09/10 03:56:50 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2006/09/11 01:41:27 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2009/06/05 03:30:49 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2008/08/27 18:45:48 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2004/10/16 11:49:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2006/06/08 00:37:42 | 000,000,000 | ---D | M] -- C:\Program Files\utorrent
[2004/10/16 12:15:45 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2006/08/14 00:44:37 | 000,000,000 | ---D | M] -- C:\Program Files\Vodei
[2006/09/13 21:16:02 | 000,000,000 | ---D | M] -- C:\Program Files\Webroot
[2011/08/10 19:57:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011/08/10 18:29:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/10/16 11:49:38 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2006/08/22 03:44:00 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2004/10/16 12:19:15 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 12
[2004/10/16 11:49:38 | 000,000,000 | ---D | M] -- C:\Program Files\XEROX
[2006/05/10 00:54:07 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2004/10/16 12:16:54 | 000,000,000 | ---D | M] -- C:\Program Files\Your Company Name


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2011/07/24 03:57:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2011/07/24 03:57:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0011\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2011/07/24 03:57:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2011/07/24 03:57:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:disk.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:disk.sys
[2011/07/24 03:57:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:disk.sys
[2011/07/24 03:57:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 06:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\I386\DISK.SYS
[2004/08/04 06:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SYSTEM32\DRIVERS\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-11 06:49:39

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

< End of report >

luvantigua
Novice

Posts : 6
Joined : 2011-08-24
OS : windows xp
Points : 19416
# Likes : 0


Re: possible Malware/virus

Post by luvantigua on 25th August 2011, 4:55 am

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-24 23:26:10
-----------------------------
23:26:10.790 OS Version: Windows 5.1.2600 Service Pack 3
23:26:10.790 Number of processors: 2 586 0x304
23:26:10.790 ComputerName: ROSE UserName:
23:26:13.306 Initialize success
23:27:09.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
23:27:09.499 Disk 0 Vendor: ST3160023AS 8.05 Size: 152627MB BusType: 3
23:27:11.515 Disk 0 MBR read successfully
23:27:11.515 Disk 0 MBR scan
23:27:11.515 Disk 0 unknown MBR code
23:27:11.515 Disk 0 scanning sectors +312576705
23:27:11.609 Disk 0 scanning C:\WINDOWS\system32\drivers
23:27:23.204 Service scanning
23:27:24.642 Modules scanning
23:27:36.221 Disk 0 trace - called modules:
23:27:36.221 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
23:27:36.221 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8734f030]
23:27:36.221 3 CLASSPNP.SYS[f7681fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8734eb00]
23:27:36.221 Scan finished successfully
23:29:06.591 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Wayne\Desktop\MBR.dat"
23:29:06.779 The log file has been saved successfully to "C:\Documents and Settings\Wayne\Desktop\aswMBR.txt"




Re: possible Malware/virus

Post by luvantigua on 25th August 2011, 4:56 am

Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee SecurityCenter
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Out of date HijackThis installed!
Malwarebytes' Anti-Malware
HijackThis 1.99.1
CCleaner (remove only)
Java 2 Runtime Environment, SE v1.4.2_03
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
``````````End of Log````````````


Re: possible Malware/virus

Post by Superdave on 26th August 2011, 12:07 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
P2P - I see you have P2P software installed on your machine (utorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
************************************************
You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad".


It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology

********************************************
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [UpdReg] File not found
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [BitTorrent] File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: Interealty.com ([]* is out of zone range - 6)
O15 - HKCU\..Trusted Domains: MLXchange.com ([]* is out of zone range - 6)
O15 - HKCU\..Trusted Domains: qvc.com/ess ([remote] https in Trusted sites)

:Files

C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At1.job
:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

* Click Run Fix
* OTL may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.

***********************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download [You must be registered and logged in to see this link.]
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining

  Please leave the others unchecked
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
*******************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
**********************************************
Download DDS from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.



1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control [You must be registered and logged in to see this link.]. Then post your DDS logs (DDS.txt and Attach.txt).

Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83221
# Likes : 0


Re: possible Malware/virus

Post by luvantigua on 29th August 2011, 11:32 pm

Sorry for the late reply.....Hurricane Irene :sad: I can no longer use the computer in safe mode or normal windows due to a blue screen. I do not have my windows xp disk; therefore, I'm not able to use the computer at all. Is there anything I can do at this point?


Re: possible Malware/virus

Post by Superdave on 30th August 2011, 1:07 am

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc into your CD burning drive.
  • Download [You must be registered and logged in to see this link.] and double-click on it to burn to a CD using an ISO Burner. One can be found [You must be registered and logged in to see this link.]
  • Reboot your system using the boot CD you just created.
  • Note : If you do not know how to set your computer to boot from CD follow the steps [You must be registered and logged in to see this link.]
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

