computer infected with xp antispyware 2012 virus


Post by pointman on Mon Nov 28, 2011 6:36 pm

The virus has control of my browser and programs. Attached are the otl.txt and ansmbr.txt scan results (no extras.txt). Could not run securitycheck.exe ("netsw.exe - entry point not found" error message).

OTL logfile created on: 11/28/2011 12:06:29 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 79.76% Memory free
4.84 Gb Paging File | 4.25 Gb Available in Paging File | 87.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 147.03 Gb Free Space | 49.32% Space Free | Partition Type: NTFS
Drive J: | 1.92 Gb Total Space | 1.32 Gb Free Space | 68.78% Space Free | Partition Type: FAT

Computer Name: QUADCORE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/27 17:32:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
PRC - [2011/10/19 22:14:14 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/04/14 13:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2008/04/13 19:12:31 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/30 16:05:52 | 000,157,656 | ---- | M] () -- C:\Program Files\PC Tools Security\NetworkLayer\PCTCFHook.dll
MOD - [2010/08/10 17:59:26 | 001,263,576 | ---- | M] () -- C:\Program Files\PC Tools Security\UserModeFileCache.dll
MOD - [2010/08/10 17:58:38 | 000,091,608 | ---- | M] () -- C:\Program Files\PC Tools Security\avengine\sdkBSCtrl.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 19:12:42 | 000,148,992 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2008/04/13 19:12:03 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:52 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/14 13:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 13:01:38 | 000,171,168 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 13:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/02/16 14:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdcoreservice)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/30 02:31:50 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Disabled | Stopped] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/02/02 01:33:18 | 000,317,440 | ---- | M] (Amazon.com) [Disabled | Stopped] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2008/04/03 14:46:03 | 000,085,096 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/09/30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/04/30 10:04:00 | 000,331,776 | ---- | M] (Cyber Power System Inc.) [Disabled | Stopped] -- C:\PowerPanel\upssrv.exe -- (CyberPowerUPS)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 13:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 13:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 13:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 13:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 13:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 13:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 13:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 13:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 13:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 13:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/06/30 02:32:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/06/30 02:31:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/04/22 13:24:07 | 000,076,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2008/04/13 13:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/03/27 18:31:44 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/05/10 12:33:58 | 000,048,640 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/04/12 14:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/15 17:12:04 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/08/16 22:23:00 | 000,340,176 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2006/08/16 22:17:11 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/16 22:17:09 | 000,500,480 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/16 22:16:32 | 001,110,528 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/08/16 22:15:00 | 000,116,224 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/16 22:14:42 | 000,143,872 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/16 22:14:37 | 000,078,336 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/16 22:14:24 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2004/11/22 17:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 17:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/08/14 03:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/01/16 14:46:08 | 000,050,576 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppadt40.sys -- (dot4)
DRV - [2001/01/16 14:44:36 | 000,017,872 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppausb0.sys -- (dot4usb)
DRV - [2001/01/16 13:43:34 | 000,015,792 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppaprt0.sys -- (Dot4Print)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@consona.com/ScriptRunner: C:\Program Files\Common Files\supportsoft\bin\nptgctlsr.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@consona.com/SmartIssue: C:\Program Files\Common Files\supportsoft\bin\nptgctlsi.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Owner\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2011/09/27 15:02:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/09/27 15:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/07/20 12:41:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/24 22:11:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/06/14 12:25:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/06/17 02:03:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/11/19 17:57:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/07 12:53:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/27 15:02:25 | 000,000,000 | ---D | M]

[2009/01/12 17:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/06/19 10:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions
[2009/08/11 12:21:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/19 10:21:46 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/01/12 17:13:16 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/06/26 19:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/10 15:08:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/26 19:24:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/01/06 09:34:58 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2010/01/06 09:34:58 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2010/01/06 09:34:59 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2011/11/07 12:53:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/02/04 22:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2011/11/07 12:53:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110510163056.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MicroBrew] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe (Bluebeam Software, Inc.)
O4 - HKLM..\Run: [PbAdminACAD] C:\Program Files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe (Bluebeam Software, Inc.)
O4 - HKCU..\Run: [1311663257] C:\Documents and Settings\Owner\Local Settings\Application Data\mcj.exe File not found
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} [You must be registered and logged in to see this link.] (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} [You must be registered and logged in to see this link.] (Microsoft Office Template and Media Control)
O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} [You must be registered and logged in to see this link.] (ILINCInstall86 Class)
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} [link masked by forum] (Snapfish Outlook Import ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [link masked by forum] (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} [link masked by forum] (SysData Class)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} [link masked by forum] (LinkedIn ContactFinderControl)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [link masked by forum] (Image Uploader Control)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} [link masked by forum] (ContactExtractor Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [link masked by forum] (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [link masked by forum] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [link masked by forum] (Java Plug-in 1.6.0_26)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} [link masked by forum] (Photo Upload Plugin Class)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} [link masked by forum] (HPSDDX Class)
O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} [link masked by forum] (AudioClient Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [link masked by forum] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [link masked by forum] (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [link masked by forum] (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} [link masked by forum] (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [link masked by forum] (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [link masked by forum] (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} [link masked by forum] (Creative Software AutoUpdate Support Package 1)
O16 - DPF: Garmin Communicator Plug-In [link masked by forum] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F60DCFF1-1651-438B-B98E-C6DF61103019}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/24 17:04:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Owner\Local Settings\Application Data\mcj.exe" -a "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Owner\Local Settings\Application Data\mcj.exe" -a "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "wlidsvc"
MsConfig - Services: "WinDefend"
MsConfig - Services: "SeaPort"
MsConfig - Services: "NVSvc"
MsConfig - Services: "mfevtp"
MsConfig - Services: "mfefire"
MsConfig - Services: "McShield"
MsConfig - Services: "McProxy"
MsConfig - Services: "McODS"
MsConfig - Services: "McNASvc"
MsConfig - Services: "McNaiAnn"
MsConfig - Services: "mcmscsvc"
MsConfig - Services: "McMPFSvc"
MsConfig - Services: "McComponentHostService"
MsConfig - Services: "McciServiceHost"
MsConfig - Services: "McciCMService"
MsConfig - Services: "McAfee SiteAdvisor Service"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "iPod Service"
MsConfig - Services: "IntuitUpdateService"
MsConfig - Services: "idsvc"
MsConfig - Services: "IDriverT"
MsConfig - Services: "gusvc"
MsConfig - Services: "gupdatem"
MsConfig - Services: "gupdate"
MsConfig - Services: "CyberPowerUPS"
MsConfig - Services: "Creative Service for CDROM Access"
MsConfig - Services: "CCALib8"
MsConfig - Services: "Bonjour Service"
MsConfig - Services: "Autodesk Licensing Service"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "Amazon Download Agent"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: 36X Raid Configurer - hkey= - key= - File not found
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Aim - hkey= - key= - C:\Program Files\AIM\aim.exe (AOL Inc.)
MsConfig - StartUpReg: AmazonGSDownloaderTray - hkey= - key= - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - File not found
MsConfig - StartUpReg: ATT-SST_McciTrayApp - hkey= - key= - C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
MsConfig - StartUpReg: BellSouthWCC_McciTrayApp - hkey= - key= - C:\Program Files\BellSouthWCC\McciTrayApp.exe (Motive Communications, Inc.)
MsConfig - StartUpReg: Bing Bar - hkey= - key= - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: CTHelper - hkey= - key= - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
MsConfig - StartUpReg: CTxfiHlp - hkey= - key= - File not found
MsConfig - StartUpReg: HP AutoIndexer - hkey= - key= - C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe (Hewlett-Packard)
MsConfig - StartUpReg: HP SchedIndexer - hkey= - key= - C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe (Hewlett-Packard)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: JMB36X IDE Setup - hkey= - key= - C:\WINDOWS\RaidTool\xInsIDE.exe ()
MsConfig - StartUpReg: mcui_exe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
MsConfig - StartUpReg: MicroBrew - hkey= - key= - C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe (Bluebeam Software, Inc.)
MsConfig - StartUpReg: Microsoft Default Manager - hkey= - key= - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: PbAdminACAD - hkey= - key= - C:\Program Files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe (Bluebeam Software, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RCSystem - hkey= - key= - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: RoboForm - hkey= - key= - C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SkyTel - hkey= - key= - C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: UpdateFlow.ATT-SST - hkey= - key= - C:\Program Files\ATT-SST\McciBrowser.exe (Alcatel-Lucent)
MsConfig - StartUpReg: UpdReg - hkey= - key= - C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
MsConfig - StartUpReg: VolPanel - hkey= - key= - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
MsConfig - StartUpReg: ymetray - hkey= - key= - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 1
MsConfig - State: "startup" - 1

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet: mfefirek - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {35CB31D6-C496-F1F5-D9EC-11F57DF7BE5F} - Internet Explorer
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {38539595-3E29-410d-ABBD-3D6A75BC9A73} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {61F684C7-B71D-C06D-8637-87A1C70CAFF6} - Internet Explorer
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {851FDFAC-B3F9-435A-A49C-B4F18A1737E7} - Microsoft Silverlight 3.0
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{C92EB41C-D4C5-4CCA-A444-318AE7FB6FC2} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

pointman
Intermediate

Posts : 95
Joined : 2010-01-02
OS : windows XP
Points : 26551
Likes : 0

Re: computer infected with xp antispyware 2012 virus

Post by pointman on Mon Nov 28, 2011 6:37 pm

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/28 12:03:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/11/27 19:06:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/11/27 16:57:00 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/11/27 16:57:00 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/11/27 16:56:59 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/11/27 16:56:51 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/11/27 16:56:51 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/11/27 16:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/11/27 16:56:42 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/11/27 16:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/11/27 16:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/11/27 16:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PC Tools
[2011/11/27 12:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/11/27 11:31:37 | 000,706,976 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\SpyHunter-Installer.exe
[2011/11/27 11:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/11/19 17:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RoboForm
[2011/11/12 22:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2008/03/24 17:45:45 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/08/16 22:11:02 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/28 12:10:52 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3DB9A020-3481-434C-BCEC-AC02BC5A62CB}.job
[2011/11/28 12:10:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/28 12:09:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/11/28 12:01:25 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/28 12:00:46 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/28 11:32:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/11/28 11:32:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/11/28 11:19:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/28 10:57:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/28 10:54:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/27 20:36:23 | 000,064,900 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2011/11/27 20:36:23 | 000,054,800 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2011/11/27 20:36:23 | 000,054,800 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2011/11/27 20:36:23 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/11/27 20:36:23 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/11/27 20:32:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2011/11/27 20:32:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2011/11/27 19:32:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2011/11/27 19:32:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011/11/27 18:52:55 | 000,309,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/27 18:32:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2011/11/27 18:32:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011/11/27 17:47:40 | 000,015,330 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\1w15mg3p30e624
[2011/11/27 17:47:40 | 000,015,330 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1w15mg3p30e624
[2011/11/27 17:46:05 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18iMfb.dat
[2011/11/27 17:42:41 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2011/11/27 17:42:41 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2011/11/27 17:42:41 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2011/11/27 17:42:41 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2011/11/27 17:42:41 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2011/11/27 17:42:41 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2011/11/27 17:42:41 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2011/11/27 17:42:41 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2011/11/27 17:42:41 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/11/27 17:32:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/11/27 16:57:17 | 000,734,852 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/11/27 16:56:48 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2011/11/27 11:27:18 | 000,706,976 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\SpyHunter-Installer.exe
[2011/11/27 01:41:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/26 13:17:23 | 000,000,182 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/11/21 14:42:56 | 000,011,142 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/11/21 14:41:27 | 000,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2011/11/21 14:41:27 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\A18EBC
[2011/11/21 13:33:12 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/18 13:19:38 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/11/17 15:27:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/12 22:20:48 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/09 03:23:10 | 000,441,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/09 03:23:10 | 000,071,700 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/09 03:03:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/27 17:42:41 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2011/11/27 17:42:41 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2011/11/27 17:42:41 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2011/11/27 17:42:41 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2011/11/27 17:42:41 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2011/11/27 17:42:41 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2011/11/27 17:42:41 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2011/11/27 17:42:41 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2011/11/27 17:42:41 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2011/11/27 17:42:41 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2011/11/27 17:42:41 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2011/11/27 17:42:41 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2011/11/27 17:42:41 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18iMfb.dat
[2011/11/27 17:42:40 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2011/11/27 17:42:40 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/11/27 17:42:40 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/11/27 17:42:39 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/11/27 17:42:39 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/11/27 16:57:01 | 000,734,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/11/27 16:56:48 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2011/11/27 10:35:10 | 000,015,330 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\1w15mg3p30e624
[2011/11/27 10:35:10 | 000,015,330 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1w15mg3p30e624
[2011/11/12 22:20:48 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/07/15 14:00:07 | 000,077,349 | ---- | C] () -- C:\WINDOWS\hpqins05.dat.temp
[2011/06/30 15:32:37 | 000,019,518 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2011/06/30 14:25:38 | 000,178,277 | ---- | C] () -- C:\WINDOWS\hpwins20.dat
[2011/06/30 14:25:37 | 000,002,428 | R--- | C] () -- C:\WINDOWS\hpwmdl20.dat
[2011/06/14 11:55:59 | 000,237,689 | ---- | C] () -- C:\WINDOWS\hpwins20.dat.temp
[2011/06/14 11:55:58 | 000,001,678 | ---- | C] () -- C:\WINDOWS\hpwmdl20.dat.temp
[2011/04/04 22:28:39 | 004,149,312 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/02 11:37:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2010/12/09 07:38:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/28 21:52:32 | 000,070,380 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/21 10:21:25 | 000,023,110 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/12/02 23:39:57 | 000,244,930 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/06/12 20:38:11 | 000,116,840 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/05/06 18:05:25 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2008/12/14 17:12:22 | 000,012,054 | R--- | C] () -- C:\WINDOWS\hpwscr20.dat
[2008/12/03 10:48:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\delexe.exe
[2008/12/02 16:09:02 | 000,000,659 | ---- | C] () -- C:\WINDOWS\FMTMSAM.INI
[2008/12/02 16:08:42 | 000,000,182 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/12/02 16:08:07 | 000,000,019 | ---- | C] () -- C:\WINDOWS\hppsi_indexbase.dat
[2008/11/13 03:03:11 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/07/29 21:42:01 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2008/06/07 17:49:09 | 000,011,142 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/14 14:15:02 | 000,000,068 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2008/05/01 12:16:36 | 000,002,751 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2008/05/01 12:15:53 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2008/04/25 18:55:17 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2008/04/25 18:55:17 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2008/04/25 18:55:17 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\LFFPX90N.DLL
[2008/04/25 18:55:16 | 000,906,784 | ---- | C] () -- C:\WINDOWS\System32\OWL52F.DLL
[2008/04/25 18:55:16 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\PWJPEG32.DLL
[2008/03/31 10:30:51 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2008/03/27 15:04:48 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/03/27 11:12:15 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/26 15:02:06 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\epsnodlm.dll
[2008/03/26 14:01:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2008/03/26 11:49:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epadmin.INI
[2008/03/26 09:26:00 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2008/03/25 18:06:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/24 21:18:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/24 17:45:45 | 000,323,640 | R--- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2008/03/24 17:45:45 | 000,313,207 | R--- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2008/03/24 17:45:45 | 000,053,932 | R--- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2008/03/24 17:45:45 | 000,044,567 | R--- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2008/03/24 17:31:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/03/24 17:25:35 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/03/24 17:14:22 | 000,011,127 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/03/24 17:13:14 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/03/24 17:13:12 | 000,010,802 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/03/24 17:12:58 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/03/24 17:07:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/24 17:01:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/24 16:59:09 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/03/24 16:55:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/24 11:57:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/24 11:55:47 | 000,309,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/12/05 01:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 01:41:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/12/05 01:41:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 01:41:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/12/05 01:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 01:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 01:41:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/12/05 01:41:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/12/05 01:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/12/12 11:12:00 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\NmCoInst.dll
[2006/08/16 22:59:15 | 000,087,403 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2006/08/16 22:59:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/08/16 22:33:53 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/08/16 22:32:07 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/08/16 22:14:32 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2006/08/16 22:14:06 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2006/08/16 22:11:52 | 000,264,526 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2006/08/16 22:11:38 | 000,231,281 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/08/16 22:11:38 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/08/16 22:11:07 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\ENLOCSTR.EXE
[2006/08/03 13:48:26 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\InstallPrinter6.dll
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,441,890 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,071,700 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/11/02 09:54:48 | 002,945,024 | R--- | C] () -- C:\WINDOWS\System32\BGP851c.dll
[2005/07/26 16:13:12 | 000,000,214 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/06/07 08:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2002/11/20 17:51:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
[2000/05/07 00:30:44 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\NmUninst.exe

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >
[2009/04/25 11:21:54 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2008/03/24 17:05:02 | 000,163,884 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\avg7inst.log

< %USERPROFILE%\Desktop\*.exe >
[2008/10/24 17:34:31 | 041,427,024 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\Owner\Desktop\A140609_ENU_XP.exe
[2009/08/20 12:09:04 | 024,791,728 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ATT_SST_Installer_UVerse.exe
[2011/10/08 18:18:41 | 001,190,816 | ---- | M] (PC Drivers HeadQuarters ) -- C:\Documents and Settings\Owner\Desktop\DriverDetective.exe
[2011/10/10 11:19:49 | 003,667,824 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Documents and Settings\Owner\Desktop\DriverUpdate-setup.exe
[2009/08/11 12:19:50 | 008,050,536 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner\Desktop\Firefox Setup 3.5.2.exe
[2009/09/15 11:02:42 | 001,925,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Owner\Desktop\install_flash_player.exe
[2008/12/03 15:51:24 | 001,877,269 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\lj564en.exe
[2011/06/13 12:26:06 | 295,266,400 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\OJJ4600_Full_14.exe
[2009/01/21 13:23:32 | 006,990,944 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Owner\Desktop\PayPal Plug-In.exe
[2009/05/14 22:41:52 | 000,274,224 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Owner\Desktop\utorrent.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >
[2008/03/24 17:00:35 | 045,942,912 | ---- | M] (NVIDIA Corporation ) -- C:\Documents and Settings\Owner\My Documents\169.21_forceware_winxp_32bit_english_whql.exe
[2009/01/12 17:10:29 | 007,518,240 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner\My Documents\Firefox Setup 3.0.5.exe
[2004/06/07 08:09:24 | 002,348,528 | ---- | M] (Indigo Rose Corporation ) -- C:\Documents and Settings\Owner\My Documents\HistoryKill2003.exe
[2009/07/20 12:40:15 | 006,535,960 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Owner\My Documents\PayPal Plug-In.exe
[2008/04/23 18:06:19 | 001,375,232 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pl532en.exe
[2010/06/23 15:50:05 | 003,545,360 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\R98291.EXE
[2008/03/29 23:19:35 | 000,382,352 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\My Documents\xpiinstall.exe
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/11/07 12:53:22 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/11/07 12:53:21 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/11/07 12:53:19 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/11/07 12:53:19 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/08/04 19:02:30 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/04/15 08:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2010/04/08 12:31:31 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Photoshop.com Uploader
[2008/03/24 17:25:19 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2011/02/18 17:26:56 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2009/03/04 11:21:44 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2009/02/19 14:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2008/03/25 16:24:35 | 000,000,000 | ---D | M] -- C:\Program Files\AnswerWorks 4.0
[2011/09/27 15:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/04/25 10:50:22 | 000,000,000 | ---D | M] -- C:\Program Files\ATT-HSI
[2010/07/05 19:10:30 | 000,000,000 | ---D | M] -- C:\Program Files\ATT-SST
[2008/03/24 17:27:14 | 000,000,000 | ---D | M] -- C:\Program Files\Attansic
[2011/06/06 12:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\ATTSA
[2009/04/25 11:12:19 | 000,000,000 | ---D | M] -- C:\Program Files\ATTToolbar
[2011/02/23 16:44:56 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2008/04/12 12:37:40 | 000,000,000 | ---D | M] -- C:\Program Files\Audit Support Center
[2008/03/25 16:24:55 | 000,000,000 | ---D | M] -- C:\Program Files\AutoCAD 2006
[2008/11/04 11:29:08 | 000,000,000 | ---D | M] -- C:\Program Files\AutoCAD Civil 3D 2008
[2008/05/02 08:11:21 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2009/04/25 11:34:57 | 000,000,000 | ---D | M] -- C:\Program Files\BellSouthWCC
[2011/06/14 12:25:12 | 000,000,000 | ---D | M] -- C:\Program Files\Bing Bar Installer
[2008/03/31 12:33:15 | 000,000,000 | ---D | M] -- C:\Program Files\Bluebeam Software
[2011/10/20 15:05:51 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/04/12 12:46:08 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2011/11/27 16:56:37 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/03/24 17:01:17 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/05/08 18:19:11 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2008/03/24 17:38:43 | 000,000,000 | ---D | M] -- C:\Program Files\Creative Installation Information
[2008/03/24 17:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/10/02 17:46:11 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2008/04/03 14:47:35 | 000,000,000 | ---D | M] -- C:\Program Files\DWG TrueView 2007
[2008/03/26 15:00:43 | 000,000,000 | ---D | M] -- C:\Program Files\Eagle Point Software
[2010/01/06 09:35:01 | 000,000,000 | ---D | M] -- C:\Program Files\eMusic Download Manager
[2009/10/02 17:46:10 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin
[2009/10/02 17:46:13 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin GPS Plugin
[2011/11/12 22:20:36 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/03/24 17:04:54 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2008/12/02 16:05:51 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2011/06/30 14:33:16 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2008/05/02 11:02:56 | 000,000,000 | ---D | M] -- C:\Program Files\Hydraflow
[2009/01/20 13:50:18 | 000,000,000 | ---D | M] -- C:\Program Files\iLinc
[2008/05/08 20:37:37 | 000,000,000 | ---D | M] -- C:\Program Files\illiminable
[2010/02/19 15:45:23 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
[2008/03/24 17:21:38 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/10/13 02:02:12 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/03/27 14:45:01 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2011/10/20 15:09:57 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/10/20 15:11:09 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/06/26 19:24:40 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/04/25 18:55:16 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2008/07/22 16:47:13 | 000,000,000 | ---D | M] -- C:\Program Files\LizardTech
[2011/10/10 11:35:02 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/24 10:41:27 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2011/04/03 21:49:23 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2011/02/24 16:51:51 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2008/08/18 11:22:10 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2011/06/14 12:25:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/03/24 21:18:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2008/03/24 17:05:11 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/04/16 10:51:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/10/13 02:23:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/04/03 14:46:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2010/08/12 02:01:03 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/11/27 11:46:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/07 02:03:41 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/04/16 10:51:29 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2008/03/24 17:00:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/03/24 17:00:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2011/06/14 12:25:02 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Toolbar
[2008/11/13 03:00:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/05/01 10:20:39 | 000,000,000 | ---D | M] -- C:\Program Files\MyPublisher
[2008/08/18 11:14:18 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/03/24 17:01:08 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/17 03:00:46 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/09/19 19:42:43 | 000,000,000 | ---D | M] -- C:\Program Files\Pandora
[2008/06/18 14:01:12 | 000,000,000 | ---D | M] -- C:\Program Files\PayPal
[2011/11/28 11:12:59 | 000,000,000 | ---D | M] -- C:\Program Files\PC Tools Security
[2011/06/30 17:05:43 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2011/09/27 15:02:24 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/03/27 18:24:35 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2008/03/24 17:24:49 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/08/07 02:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/09/27 16:50:16 | 000,000,000 | ---D | M] -- C:\Program Files\Rhapsody
[2008/07/12 16:46:42 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2008/03/28 10:57:45 | 000,000,000 | ---D | M] -- C:\Program Files\Siber Systems
[2011/06/06 12:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\TESTRM
[2010/01/02 14:58:23 | 000,000,000 | ---D | M] -- C:\Program Files\TrendMicro
[2011/04/13 12:41:43 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2008/03/24 17:08:37 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2011/07/10 11:27:11 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008/03/31 10:33:14 | 000,000,000 | ---D | M] -- C:\Program Files\viewsonic
[2011/05/20 11:21:46 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2008/03/24 17:08:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2008/03/24 17:00:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/08/18 11:14:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/08/18 11:14:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/03/24 17:03:19 | 000,000,000 | ---D | M] -- C:\Program Files\WindowsUpdate
[2008/03/24 17:05:11 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2011/06/18 15:05:48 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!


< MD5 for: AGP440.SYS >
[2007/09/11 15:20:13 | 016,774,755 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/18 11:07:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/18 11:07:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2007/09/11 15:20:13 | 016,774,755 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/18 11:07:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/18 11:07:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Primary IDE Channel#1\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Primary IDE Channel\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Secondary IDE Channel#1\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Secondary IDE Channel\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2007/09/11 15:20:13 | 016,774,755 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/08/18 11:07:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/08/18 11:07:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/02/28 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Disk drive#1\disk.sys
[2006/02/28 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Disk drive#2\disk.sys
[2006/02/28 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Disk drive#3\disk.sys
[2006/02/28 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Disk drive#4\disk.sys
[2006/02/28 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Disk drive\disk.sys
[2006/02/28 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2007/09/11 15:11:35 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=5FD8684F1C5DD26509383F6CCDAEE3A3 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-12 08:01:13

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/07 12:53:19 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/07 12:53:19 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/07 12:53:19 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\mcj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/07 12:53:21 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\mcj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\mcj.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2008/06/17 15:16:14 | 003,463,976 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2008/06/17 15:16:14 | 003,463,976 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2008/06/17 15:16:14 | 003,463,976 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2008/06/17 15:16:14 | 003,463,976 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/07 12:53:19 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/07 12:53:19 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/07 12:53:19 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\mcj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/07 12:53:21 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\mcj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\mcj.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2008/06/17 15:16:14 | 003,463,976 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2008/06/17 15:16:14 | 003,463,976 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2008/06/17 15:16:14 | 003,463,976 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2008/06/17 15:16:14 | 003,463,976 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

pointman
Intermediate

Posts : 95
Joined : 2010-01-02
OS : windows XP
Points : 26551
# Likes : 0

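The security-relevant finding in the OTL registry section above is the browser hijack: the shell\open\command and shell\safemode\command values for FIREFOX.EXE and IEXPLORE.EXE start mcj.exe from the user's Local Settings\Application Data folder and pass the real browser to it as an argument, while the Chrome open command and the Firefox properties command still point straight at the vendor binary. The following Python script is an added example written for this page, not a tool from the thread or from OldTimer: it parses OTL-style startmenuinternet lines and flags launchers that live under a user profile, do not match the registered client name, or wrap another executable. The four sample lines are copied from the log above; the regular expressions and the three heuristics are assumptions of this example.

```python
"""Flag redirected browser launch commands in OTL-style registry dump lines."""
import ntpath
import re
from dataclasses import dataclass, field

# Sample input: four lines copied from the OTL log posted in this thread
# (values under HKLM\software\clients\startmenuinternet).
SAMPLE_LINES = [
    r'HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\mcj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"',
    r'HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/07 12:53:21 | 000,924,632 | ---- | M] (Mozilla Corporation)',
    r'HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)',
    r'HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\mcj.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"',
]

# Key path as OTL prints it: ...\<client>\shell\<verb>\command\\: <value>
KEY_RE = re.compile(
    r'^HKEY_LOCAL_MACHINE\\software\\clients\\startmenuinternet\\'
    r'(?P<client>[^\\]+)\\shell\\(?P<verb>[^\\]+)\\command\\\\: (?P<value>.*)$',
    re.IGNORECASE,
)
QUOTED_RE = re.compile(r'"([^"]+)"')
# Per-user writable locations (XP and Vista+ layouts) where a registered
# browser launcher should never live. Heuristic chosen for this example.
USER_PROFILE_RE = re.compile(
    r'\\(documents and settings|users)\\[^\\]+\\'
    r'(local settings\\application data|application data|appdata)\\',
    re.IGNORECASE,
)


@dataclass
class Finding:
    client: str
    verb: str
    launcher: str
    reasons: list = field(default_factory=list)


def first_executable(value):
    """The program the shell actually starts: the first quoted path, else the first token."""
    value = value.strip()
    if value.startswith('"'):
        m = QUOTED_RE.match(value)
        return m.group(1) if m else value
    return value.split()[0] if value else ""


def check_line(line):
    """Return a Finding for a startmenuinternet command that looks redirected, else None."""
    m = KEY_RE.match(line)
    if not m:
        return None
    client, verb, value = m.group("client"), m.group("verb"), m.group("value")
    launcher = first_executable(value)
    reasons = []
    # 1. Launcher lives in a per-user profile directory.
    if USER_PROFILE_RE.search(launcher):
        reasons.append("launcher resides under a user profile directory")
    # 2. Launcher name differs from the registered client executable
    #    (only for keys named after a binary, such as FIREFOX.EXE).
    if client.lower().endswith(".exe") and ntpath.basename(launcher).lower() != client.lower():
        reasons.append(f"launcher {ntpath.basename(launcher)} is not {client}")
    # 3. The real browser is passed as an argument, i.e. the command wraps it.
    wrapped = [p for p in QUOTED_RE.findall(value)[1:] if p.lower().endswith(".exe")]
    if wrapped:
        reasons.append(f"command wraps {ntpath.basename(wrapped[0])}")
    return Finding(client, verb, launcher, reasons) if reasons else None


def scan_lines(lines):
    """Scan OTL log lines and return all findings in input order."""
    return [f for f in (check_line(line) for line in lines) if f is not None]


if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LINES):
        print(f"{f.client} shell\\{f.verb}: {f.launcher}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the script reports the two open commands that go through mcj.exe and stays silent on the Chrome and Firefox properties entries. The same three checks apply to any other client key under startmenuinternet, so the function can be fed a whole OTL log rather than the four lines embedded here.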

Re: computer infected with xp antispyware 2012 virus

Post by pointman on Mon Nov 28, 2011 6:38 pm

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-28 12:57:55
-----------------------------
12:57:56.062 OS Version: Windows 5.1.2600 Service Pack 3
12:57:56.093 Number of processors: 4 586 0xF0B
12:57:56.156 ComputerName: QUADCORE UserName: Owner
12:58:00.578 Initialize success
13:00:31.234 AVAST engine defs: 11112801
13:00:49.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
13:00:49.062 Disk 0 Vendor: MAXTOR_STM3320620AS 3.AAE Size: 305245MB BusType: 3
13:00:51.125 Disk 0 MBR read successfully
13:00:51.171 Disk 0 MBR scan
13:00:51.578 Disk 0 Windows XP default MBR code
13:00:51.656 Disk 0 scanning sectors +625121280
13:00:52.125 Disk 0 scanning C:\WINDOWS\system32\drivers
13:01:27.109 File: C:\WINDOWS\system32\drivers\NmPar.sys **INFECTED** Win32:Aluroot [Rtk]
13:01:39.609 Service scanning
13:01:41.062 Modules scanning
13:01:45.437 Module: C:\WINDOWS\system32\DRIVERS\NmPar.sys **SUSPICIOUS**
13:01:48.453 Disk 0 trace - called modules:
13:01:48.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88466f10]<<
13:01:48.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b29aab8]
13:01:48.515 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> [0x8a475e10]
13:01:48.531 \Driver\00001418[0x89e23208] -> IRP_MJ_CREATE -> 0x88466f10
13:01:50.796 AVAST engine scan C:\WINDOWS
13:02:08.593 AVAST engine scan C:\WINDOWS\system32
13:05:33.671 AVAST engine scan C:\WINDOWS\system32\drivers
13:05:51.515 File: C:\WINDOWS\system32\drivers\NmPar.sys **INFECTED** Win32:Aluroot [Rtk]
13:06:03.718 AVAST engine scan C:\Documents and Settings\Owner
13:06:49.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
13:06:49.890 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"




Re: computer infected with xp antispyware 2012 virus

Post by pointman on Wed Nov 30, 2011 6:17 pm

BUMP


Re: computer infected with xp antispyware 2012 virus

Post by Belahzur on Thu Dec 01, 2011 12:42 am

Hi,


Download Combofix from any of the links below, and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

When saving ComboFix rename it to Belahzur.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click Belahzur.exe to run it.

    You will see the following image:


Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245049
# Likes : 1


Re: computer infected with xp antispyware 2012 virus

Post by pointman on Thu Dec 01, 2011 4:34 am

Running ComboFix I got a rootkit ZeroAccess / TCP/IP stack warning. After running ComboFix I can no longer access the internet and my wireless network no longer works. Thanks for the help. Attached is the ComboFix log file.

ComboFix 11-11-30.03 - Owner 11/30/2011 22:30:29.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2137 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\belahuzar.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Owner\Favorites\Antivirus Test Online.url
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\pse_350_enu.exe
c:\documents and settings\Owner\My Documents\~WRL1837.tmp
c:\documents and settings\Owner\Start Menu\Programs\Windows XP Recovery
c:\documents and settings\Owner\Start Menu\Programs\Windows XP Recovery\Uninstall Windows XP Recovery.lnk
c:\documents and settings\Owner\Start Menu\Programs\Windows XP Recovery\Windows XP Recovery.lnk
c:\documents and settings\Owner\WINDOWS
c:\windows\$NtUninstallKB11864$\3497721378\@
c:\windows\$NtUninstallKB11864$\3497721378\bckfg.tmp
c:\windows\$NtUninstallKB11864$\3497721378\cfg.ini
c:\windows\$NtUninstallKB11864$\3497721378\Desktop.ini
c:\windows\$NtUninstallKB11864$\3497721378\keywords
c:\windows\$NtUninstallKB11864$\3497721378\kwrd.dll
c:\windows\$NtUninstallKB11864$\3497721378\L\ziupsmfn
c:\windows\$NtUninstallKB11864$\3497721378\lsflt7.ver
c:\windows\$NtUninstallKB11864$\3497721378\U\00000001.@
c:\windows\$NtUninstallKB11864$\3497721378\U\00000002.@
c:\windows\$NtUninstallKB11864$\3497721378\U\00000004.@
c:\windows\$NtUninstallKB11864$\3497721378\U\80000000.@
c:\windows\$NtUninstallKB11864$\3497721378\U\80000004.@
c:\windows\$NtUninstallKB11864$\3497721378\U\80000032.@
c:\windows\$NtUninstallKB11864$\879948445
c:\windows\CSC\d6
c:\windows\dasetup.log
c:\windows\system32\usmt\migwiz_a.exe
c:\windows\$NtUninstallKB11864$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-12-01 03:49 . 2011-12-01 03:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-12-01 03:11 . 2011-12-01 03:20 -------- d-----w- C:\ComboFix
2011-11-30 16:20 . 2011-11-30 16:20 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2011-11-30 16:20 . 2011-11-30 16:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-30 16:20 . 2011-11-30 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-27 21:57 . 2010-07-16 19:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-11-27 21:57 . 2010-07-16 19:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-11-27 21:56 . 2011-01-17 14:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-11-27 21:56 . 2010-12-10 21:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-11-27 21:56 . 2010-12-10 18:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-11-27 21:56 . 2010-12-16 13:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-11-27 21:56 . 2011-11-27 21:58 -------- d-----w- c:\program files\Common Files\PC Tools
2011-11-27 21:56 . 2011-12-01 03:53 -------- d-----w- c:\program files\PC Tools Security
2011-11-27 21:56 . 2011-11-27 21:56 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2011-11-27 16:31 . 2011-11-27 16:27 706976 ----a-w- C:\SpyHunter-Installer.exe
2011-11-27 16:08 . 2011-11-27 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 18:33 . 2011-06-02 22:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2008-03-24 22:01 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2007-09-11 20:12 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 17:53 . 2011-05-20 21:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2011-02-24 15:10 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-25 68856]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-11-19 107000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"PbAdminACAD"="c:\program files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe" [2006-09-21 217088]
"MicroBrew"="c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe" [2006-09-21 495616]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-05-08 16:06 1953792 ------r- c:\windows\system32\xRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-01-05 17:11 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray]
2009-02-02 06:32 246272 ----a-w- c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
2010-06-30 07:39 1573888 ----a-w- c:\program files\ATT-SST\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellSouthWCC_McciTrayApp]
2006-03-10 18:01 543232 ----a-w- c:\program files\BellSouthWCC\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]
2010-04-27 20:39 243544 ----a-w- c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-08-17 03:32 17920 ----a-w- c:\windows\CTHELPER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-08-17 03:32 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP AutoIndexer]
2001-03-01 08:53 77824 ------w- c:\program files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP SchedIndexer]
2001-03-01 08:53 86016 ------w- c:\program files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 14:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 22:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-21 14:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2011-04-05 15:50 1195408 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MicroBrew]
2006-09-21 20:34 495616 ----a-w- c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-11-11 21:43 288088 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 14:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-05 06:41 8523776 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-05 06:41 81920 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-05 06:41 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PbAdminACAD]
2006-09-21 20:37 217088 ----a-w- c:\program files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
2005-11-04 22:07 49152 ------w- c:\program files\Creative\Shared Files\Module Loader\DLLML.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 00:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2011-11-19 22:56 107000 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-12 15:28 16126464 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-04-06 17:22 1822720 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-03-25 22:19 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateFlow.ATT-SST]
2010-06-30 07:39 1057792 ----a-w- c:\program files\ATT-SST\McciBrowser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2006-07-28 13:56 122880 ------w- c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
2005-08-12 16:05 40960 ----a-w- c:\program files\Yahoo!\Yahoo! Music Engine\ymetray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"WinDefend"=2 (0x2)
"SeaPort"=2 (0x2)
"NVSvc"=2 (0x2)
"mfevtp"=2 (0x2)
"mfefire"=2 (0x2)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"McNaiAnn"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McMPFSvc"=2 (0x2)
"McComponentHostService"=3 (0x3)
"McciServiceHost"=2 (0x2)
"McciCMService"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IntuitUpdateService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"CyberPowerUPS"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"CCALib8"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Amazon Download Agent"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/27/2011 4:56 PM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [11/27/2011 4:57 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [11/27/2011 4:57 PM 656320]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/24/2011 10:10 AM 84200]
R1 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [10/11/2006 10:12 AM 76416]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2/24/2011 10:10 AM 141792]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [11/27/2011 4:56 PM 366840]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [3/24/2008 5:27 PM 38656]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/24/2011 10:10 AM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/24/2011 10:10 AM 88736]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2009 6:24 PM 133104]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/24/2011 10:10 AM 56064]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2009 6:24 PM 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/24/2011 10:10 AM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/24/2011 10:10 AM 84488]
S4 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2/19/2009 2:03 PM 317440]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/28/2009 1:44 PM 88176]
S4 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [7/5/2010 7:05 PM 315392]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S4 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/24/2011 10:09 AM 271480]
S4 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2/24/2011 10:09 AM 271480]
S4 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [2/24/2011 10:10 AM 188136]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
*Deregistered* - PCTSDInjDriver32
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-12-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-25 11:08]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 23:24]
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 23:24]
.
2011-11-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
2011-12-01 c:\windows\Tasks\User_Feed_Synchronization-{3DB9A020-3481-434C-BCEC-AC02BC5A62CB}.job
- c:\windows\system32\msfeedssync.exe [2008-03-24 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Customize Menu - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Fill Forms - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.254
DPF: Garmin Communicator Plug-In - [You must be registered and logged in to see this link.]
DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-11-30 22:54
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1132)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3144)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\PC Tools Security\pctsSvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-11-30 22:59:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-01 03:59
.
Pre-Run: 159,019,847,680 bytes free
Post-Run: 162,862,866,432 bytes free
.
- - End Of File - - AE50ED270B6AD571C804968A90881B4E

pointman
Intermediate
Posts : 95
Joined : 2010-01-02
OS : windows XP
Points : 26551
# Likes : 0

Re: computer infected with xp antispyware 2012 virus

Post by Belahzur on Thu Dec 01, 2011 11:00 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    Rootkit::

    Folder::
    c:\windows\$NtUninstallKB11864$
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245049
# Likes : 1
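
The CFScript above tells ComboFix to delete c:\windows\$NtUninstallKB11864$ without saying what singles that folder out. The following is an added example, not code from the thread or from ComboFix, showing the sanity check a responder would run over the hotfix uninstall folders in %SystemRoot% before writing such a Folder:: directive. It assumes two facts about genuine folders written by Microsoft's Update.exe: the KB number in the name corresponds to a hotfix registered in the registry (on XP, under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix), and the folder carries spuninst\spuninst.inf. The directory tree and installed-hotfix list are constructed sample data; only the name KB11864 comes from the thread.

```python
r"""Sanity-check $NtUninstallKB...$ folders in %SystemRoot% on Windows XP.

Added example, not taken from the thread or from ComboFix. A hotfix
uninstall folder written by Microsoft's Update.exe (a) is named after a KB
number that is registered as an installed hotfix and (b) contains
spuninst\spuninst.inf. Everything below except the name KB11864 is
constructed sample data.
"""
import re
from typing import Dict, Iterable, List, Set

# Constructed model of %SystemRoot%: folder name -> relative file paths.
SAMPLE_SYSTEMROOT: Dict[str, Set[str]] = {
    "$NtUninstallKB2570947$": {r"spuninst\spuninst.exe", r"spuninst\spuninst.inf",
                               r"spuninst\updspapi.dll"},
    "$NtUninstallKB2564958$": {r"spuninst\spuninst.exe", r"spuninst\spuninst.inf"},
    # The folder the CFScript above deletes: 5-digit "KB", no uninstaller.
    "$NtUninstallKB11864$": {"9b1c4e.dll", "desktop.ini"},
    # A registered KB whose folder has been emptied and reused (constructed).
    "$NtUninstallKB2616676$": {"tmp0001.tmp"},
    "system32": set(),
}

# KB numbers the registry reports as installed (constructed sample). On a
# live XP box this would be enumerated from the HotFix key named above.
SAMPLE_INSTALLED_KBS: Set[str] = {"2570947", "2564958", "2616676"}

FOLDER_RE = re.compile(r"^\$NtUninstallKB(\d+)\$$", re.IGNORECASE)
UNINST_INF = r"spuninst\spuninst.inf"


def classify_folder(name: str, files: Set[str], installed_kbs: Set[str]) -> List[str]:
    """Return the reasons a hotfix folder looks bogus; [] means it passes.

    Folders that do not match the $NtUninstallKB<n>$ pattern are out of
    scope and also return [].
    """
    m = FOLDER_RE.match(name)
    if not m:
        return []
    kb = m.group(1)
    reasons: List[str] = []
    if len(kb) < 6:
        # Every XP-era KB article number has at least six digits.
        reasons.append("KB number has fewer than 6 digits")
    if kb not in installed_kbs:
        reasons.append("KB%s is not a registered hotfix" % kb)
    if UNINST_INF.lower() not in {f.lower() for f in files}:
        reasons.append("missing " + UNINST_INF)
    return reasons


def suspicious_folders(tree: Dict[str, Set[str]], installed_kbs: Set[str]) -> Dict[str, List[str]]:
    """Map each failing $NtUninstall folder to its list of reasons."""
    result: Dict[str, List[str]] = {}
    for name, files in tree.items():
        reasons = classify_folder(name, files, installed_kbs)
        if reasons:
            result[name] = reasons
    return result


def combofix_folder_directive(systemroot: str, names: Iterable[str]) -> str:
    """Render a ComboFix Folder:: section in the format used in the thread."""
    return "\n".join(["Folder::"] + [systemroot + "\\" + n for n in sorted(names)])


if __name__ == "__main__":
    hits = suspicious_folders(SAMPLE_SYSTEMROOT, SAMPLE_INSTALLED_KBS)
    for folder, why in sorted(hits.items()):
        print(folder, "->", "; ".join(why))
    print(combofix_folder_directive(r"c:\windows", hits))
```

The three tests are deliberately independent: a 5-digit KB fails on its name alone, a folder whose KB is unknown to the registry fails even if its name looks plausible, and a registered KB whose uninstaller files are gone is still reported, which catches a real hotfix folder that has been hollowed out and reused.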

Re: computer infected with xp antispyware 2012 virus

Post by pointman on Fri Dec 02, 2011 12:57 am

ComboFix 11-11-30.03 - Owner 12/01/2011 19:34:17.3.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2722 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\$NtUninstallKB11864$
c:\windows\CSC\d6
.
.
((((((((((((((((((((((((( Files Created from 2011-11-02 to 2011-12-02 )))))))))))))))))))))))))))))))
.
.
2011-12-02 00:45 . 2011-12-02 00:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-12-02 00:32 . 2011-12-02 00:32 -------- d-----w- c:\windows\LastGood.Tmp
2011-12-01 03:11 . 2011-12-01 03:20 -------- d-----w- C:\ComboFix
2011-11-30 16:20 . 2011-11-30 16:20 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2011-11-30 16:20 . 2011-11-30 16:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-30 16:20 . 2011-11-30 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-27 21:57 . 2010-07-16 19:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-11-27 21:57 . 2010-07-16 19:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-11-27 21:56 . 2011-01-17 14:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-11-27 21:56 . 2010-12-10 21:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-11-27 21:56 . 2010-12-10 18:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-11-27 21:56 . 2010-12-16 13:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-11-27 21:56 . 2011-11-27 21:58 -------- d-----w- c:\program files\Common Files\PC Tools
2011-11-27 21:56 . 2011-12-01 04:39 -------- d-----w- c:\program files\PC Tools Security
2011-11-27 21:56 . 2011-11-27 21:56 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2011-11-27 16:31 . 2011-11-27 16:27 706976 ----a-w- C:\SpyHunter-Installer.exe
2011-11-27 16:08 . 2011-11-27 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 18:33 . 2011-06-02 22:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2008-03-24 22:01 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2007-09-11 20:12 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 17:53 . 2011-05-20 21:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 1601-01-01 00:00 . 1601-01-01 00:00 0 c:\windows\LastGood.Tmp\system32\DRIVERS\mfendisk.sys
+ 2011-12-02 00:46 . 2011-12-02 00:46 16384 c:\windows\temp\Perflib_Perfdata_918.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-25 68856]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-11-19 107000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"PbAdminACAD"="c:\program files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe" [2006-09-21 217088]
"MicroBrew"="c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe" [2006-09-21 495616]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-05-08 16:06 1953792 ------r- c:\windows\system32\xRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-01-05 17:11 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray]
2009-02-02 06:32 246272 ----a-w- c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
2010-06-30 07:39 1573888 ----a-w- c:\program files\ATT-SST\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellSouthWCC_McciTrayApp]
2006-03-10 18:01 543232 ----a-w- c:\program files\BellSouthWCC\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]
2010-04-27 20:39 243544 ----a-w- c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-08-17 03:32 17920 ----a-w- c:\windows\CTHELPER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-08-17 03:32 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP AutoIndexer]
2001-03-01 08:53 77824 ------w- c:\program files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP SchedIndexer]
2001-03-01 08:53 86016 ------w- c:\program files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 14:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 22:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-21 14:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MicroBrew]
2006-09-21 20:34 495616 ----a-w- c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-11-11 21:43 288088 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 14:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-05 06:41 8523776 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-05 06:41 81920 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-05 06:41 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PbAdminACAD]
2006-09-21 20:37 217088 ----a-w- c:\program files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
2005-11-04 22:07 49152 ------w- c:\program files\Creative\Shared Files\Module Loader\DLLML.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 00:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2011-11-19 22:56 107000 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-12 15:28 16126464 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-04-06 17:22 1822720 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-03-25 22:19 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateFlow.ATT-SST]
2010-06-30 07:39 1057792 ----a-w- c:\program files\ATT-SST\McciBrowser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2006-07-28 13:56 122880 ------w- c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
2005-08-12 16:05 40960 ----a-w- c:\program files\Yahoo!\Yahoo! Music Engine\ymetray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"WinDefend"=2 (0x2)
"SeaPort"=2 (0x2)
"NVSvc"=2 (0x2)
"mfevtp"=2 (0x2)
"mfefire"=2 (0x2)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"McNaiAnn"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McMPFSvc"=2 (0x2)
"McComponentHostService"=3 (0x3)
"McciServiceHost"=2 (0x2)
"McciCMService"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IntuitUpdateService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"CyberPowerUPS"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"CCALib8"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Amazon Download Agent"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/27/2011 4:56 PM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [11/27/2011 4:57 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [11/27/2011 4:57 PM 656320]
R1 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [10/11/2006 10:12 AM 76416]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [11/27/2011 4:56 PM 366840]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [3/24/2008 5:27 PM 38656]
S2 0206531322785919mcinstcleanup;McAfee Application Installer Cleanup (0206531322785919);c:\docume~1\Owner\LOCALS~1\Temp\020653~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\Owner\LOCALS~1\Temp\020653~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2009 6:24 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2009 6:24 PM 133104]
S4 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2/19/2009 2:03 PM 317440]
S4 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [7/5/2010 7:05 PM 315392]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 0206531322785919MCINSTCLEANUP
*Deregistered* - PCTSDInjDriver32
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-12-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-25 11:08]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 23:24]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 23:24]
.
2011-11-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
2011-12-02 c:\windows\Tasks\User_Feed_Synchronization-{3DB9A020-3481-434C-BCEC-AC02BC5A62CB}.job
- c:\windows\system32\msfeedssync.exe [2008-03-24 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Customize Menu - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Fill Forms - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.254
DPF: Garmin Communicator Plug-In - [You must be registered and logged in to see this link.]
DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-12-01 19:48
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(808)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(2916)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\PC Tools Security\pctsSvc.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-12-01 19:51:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-02 00:51
ComboFix2.txt 2011-12-01 03:59
.
Pre-Run: 162,887,172,096 bytes free
Post-Run: 162,865,102,848 bytes free
.
- - End Of File - - 4BCF0B9C34D8DCF07633BB74DCC512FC


Re: computer infected with xp antispyware 2012 virus

Post by Belahzur on Mon Dec 05, 2011 6:19 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Re: computer infected with xp antispyware 2012 virus

Post by pointman on Mon Dec 05, 2011 8:31 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=80f18a6b6db05c48aef6495b6f1ca46c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2011-12-05 08:15:59
# local_time=2011-12-05 03:15:59 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 86011100 86011100 0 0
# compatibility_mode=5121 16777174 0 3 243316 243316 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=162136
# found=16
# cleaned=16
# scan_time=3354
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\38\781b1ae6-5cbe4ac4 a variant of Win32/Kryptik.WGQ trojan (cleaned by deleting - quarantined) 98F669D6E8A0B92401DC6BD6ED1291D4 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\44\117b59ec-6d4b7fa5 Win32/TrojanDownloader.Small.PIH trojan (cleaned by deleting - quarantined) C53ABB06E536067001B7352FA141A5FD C
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\49\25ceb71-20c4a0d3 a variant of Win32/Kryptik.WDX trojan (cleaned by deleting - quarantined) C43E5D7BA2FD64BBB152BDAE1E3E2ED3 C
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP1534\A0105565.sys a variant of Win32/Rootkit.Kryptik.FJ trojan (cleaned by deleting - quarantined) 9351C3DF58B5001733F2422324C7BE47 C
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP1534\A0105576.sys a variant of Win32/Rootkit.Kryptik.FJ trojan (cleaned by deleting - quarantined) 9351C3DF58B5001733F2422324C7BE47 C
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP1534\A0106576.sys a variant of Win32/Rootkit.Kryptik.FJ trojan (cleaned by deleting - quarantined) 9351C3DF58B5001733F2422324C7BE47 C
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP1534\A0107576.sys a variant of Win32/Rootkit.Kryptik.FJ trojan (cleaned by deleting - quarantined) 9351C3DF58B5001733F2422324C7BE47 C
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP1534\A0107586.sys a variant of Win32/Rootkit.Kryptik.FJ trojan (cleaned by deleting - quarantined) 9351C3DF58B5001733F2422324C7BE47 C
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP1534\A0107595.exe a variant of Win32/Kryptik.WDX trojan (cleaned by deleting - quarantined) C357791976EA4B8ECD92F91C877A2001 C
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP1535\A0107598.com a variant of Win32/Kryptik.VYL trojan (cleaned by deleting - quarantined) D96BC8D02D17316B592611ED9B22073E C
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP1535\A0107617.sys a variant of Win32/Rootkit.Kryptik.FJ trojan (cleaned by deleting - quarantined) 9351C3DF58B5001733F2422324C7BE47 C
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP1535\A0108617.sys a variant of Win32/Rootkit.Kryptik.FJ trojan (cleaned by deleting - quarantined) 9351C3DF58B5001733F2422324C7BE47 C
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP1536\A0108637.sys a variant of Win32/Rootkit.Kryptik.FJ trojan (cleaned by deleting - quarantined) 9351C3DF58B5001733F2422324C7BE47 C
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP1538\A0109549.sys a variant of Win32/Rootkit.Kryptik.FJ trojan (cleaned by deleting - quarantined) 9351C3DF58B5001733F2422324C7BE47 C
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP1538\A0110553.sys a variant of Win32/Rootkit.Kryptik.FJ trojan (cleaned by deleting - quarantined) 9351C3DF58B5001733F2422324C7BE47 C
C:\WINDOWS\system32\drivers\NmPar.sys a variant of Win32/Rootkit.Kryptik.FJ trojan (cleaned by deleting - quarantined) 9351C3DF58B5001733F2422324C7BE47 C

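
The ESET log above is worth reading by hash rather than by path. The same MD5, 9351C3DF58B5001733F2422324C7BE47, is reported for c:\windows\system32\drivers\NmPar.sys and for eleven System Restore copies of it, and the ComboFix log earlier in the thread lists that file as a loaded R1 driver, "MosChip PCI Parallel Port", with a 2006 timestamp, so file dates alone would not have singled it out. The following is an added example, not part of the thread and not ESET's tooling, that parses ESET's one-detection-per-line format, buckets each hit as a live driver, a Java cache entry, or a restore-point copy, and then asks which hashes were still present outside System Restore (missed by the earlier cleanup) and which survived only as restore-point copies. The sample lines are a subset of those posted above; the bucket names are this example's own.

```python
"""Parse ESET Online Scanner detections and correlate them by hash.

Added example, not part of the thread and not ESET's own tooling. ESET's
log.txt lists one detection per line as
  <path> <detection name> (<action>) <MD5> <flag>
and the sample below is a subset of the lines posted above.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Subset of the detections posted in the thread (header lines included to
# show they are skipped).
SAMPLE_LOG_LINES = [
    "# found=16",
    "# cleaned=16",
    r"C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\38\781b1ae6-5cbe4ac4 a variant of Win32/Kryptik.WGQ trojan (cleaned by deleting - quarantined) 98F669D6E8A0B92401DC6BD6ED1291D4 C",
    r"C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\44\117b59ec-6d4b7fa5 Win32/TrojanDownloader.Small.PIH trojan (cleaned by deleting - quarantined) C53ABB06E536067001B7352FA141A5FD C",
    r"C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP1534\A0105565.sys a variant of Win32/Rootkit.Kryptik.FJ trojan (cleaned by deleting - quarantined) 9351C3DF58B5001733F2422324C7BE47 C",
    r"C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP1535\A0107598.com a variant of Win32/Kryptik.VYL trojan (cleaned by deleting - quarantined) D96BC8D02D17316B592611ED9B22073E C",
    r"C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP1538\A0110553.sys a variant of Win32/Rootkit.Kryptik.FJ trojan (cleaned by deleting - quarantined) 9351C3DF58B5001733F2422324C7BE47 C",
    r"C:\WINDOWS\system32\drivers\NmPar.sys a variant of Win32/Rootkit.Kryptik.FJ trojan (cleaned by deleting - quarantined) 9351C3DF58B5001733F2422324C7BE47 C",
]

# Paths contain spaces, so anchor on the detection name (always <platform>/<name>),
# the parenthesised action, and the 32-hex-digit MD5 at the end of the line.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?P<detection>(?:a variant of )?[A-Za-z0-9]+/\S+ \S+) "
    r"\((?P<action>[^()]*)\) "
    r"(?P<md5>[0-9A-Fa-f]{32}) "
    r"(?P<flag>\S+)$"
)


@dataclass
class Detection:
    path: str
    detection: str
    action: str
    md5: str
    bucket: str


def classify_path(path: str) -> str:
    """Bucket names are this example's own, not ESET terminology."""
    p = path.lower()
    if "\\system volume information\\_restore{" in p:
        return "restore_point"      # System Restore copy of an earlier file
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java_cache"         # payload fetched through the Java plug-in
    if "\\system32\\drivers\\" in p:
        return "live_driver"        # kernel driver still on the running system
    return "other"


def parse_log(lines: Iterable[str]) -> List[Detection]:
    out: List[Detection] = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        out.append(Detection(m["path"], m["detection"], m["action"],
                             m["md5"].upper(), classify_path(m["path"])))
    return out


def correlate(dets: Iterable[Detection]) -> Dict[str, dict]:
    """Group detections by MD5 so one sample in many places reads as one finding."""
    by_hash: Dict[str, List[Detection]] = defaultdict(list)
    for d in dets:
        by_hash[d.md5].append(d)
    report: Dict[str, dict] = {}
    for md5, group in by_hash.items():
        report[md5] = {
            "detection": group[0].detection,
            "count": len(group),
            "buckets": sorted({d.bucket for d in group}),
            "live_paths": [d.path for d in group if d.bucket != "restore_point"],
        }
    return report


def still_live(report: Dict[str, dict]) -> List[str]:
    """Hashes found outside System Restore: the earlier cleanup missed these."""
    return sorted(h for h, r in report.items() if r["live_paths"])


def restore_only(report: Dict[str, dict]) -> List[str]:
    """Hashes seen only in restore points: the live copy was already removed."""
    return sorted(h for h, r in report.items() if not r["live_paths"])


if __name__ == "__main__":
    rep = correlate(parse_log(SAMPLE_LOG_LINES))
    for md5, r in rep.items():
        print(md5, r["detection"], r["count"], r["buckets"], r["live_paths"])
    print("still live:", still_live(rep))
    print("restore-point only:", restore_only(rep))
```

Two practical points follow from the output. A hash that appears only under System Volume Information is a leftover: the live file was already removed (here by ComboFix) and only the restore-point copies remained, which is why clearing old restore points is a standard final step. A hash with a path outside System Restore, like the driver above, is the finding that matters, and the fact that the live file's name and timestamp looked like a vendor driver is an argument for checking drivers by hash or signature rather than by name.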

Re: computer infected with xp antispyware 2012 virus

Post by Belahzur on Wed Dec 07, 2011 1:08 am

Hello.

Download [You must be registered and logged in to see this link.] by screen317 and save it to your Desktop.

  • Double-click Security Check.exe to start the application
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: if a security program requests permission from dig.exe to access the Internet, allow it to do so.


Re: computer infected with xp antispyware 2012 virus

Post by pointman on Wed Dec 07, 2011 1:16 am

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
McAfee Security Scan Plus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Out of date Java installed!
Adobe Flash Player 11.0.1.152
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


Post by Belahzur on Wed Dec 07, 2011 1:22 am

Hello.
Before we finish up, did you get an Extras.txt when you ran OTL?



Post by pointman on Wed Dec 07, 2011 1:30 am

No, didn't get an Extras.txt file. Should I re-run it?


Post by Belahzur on Fri Dec 09, 2011 1:52 pm

Hello.
Nope, we'll get an uninstall list this way.

Please download the current version of HijackThis.

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press Accept and HijackThis will run.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Post by pointman on Sun Dec 11, 2011 6:26 pm

32 Bit HP CIO Components Installer
Adobe Acrobat 4.0
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Media Player
Adobe Photoshop.com Uploader
Adobe Photoshop.com Uploader
Adobe Reader X (10.1.1)
Adobe® Photoshop® Album Starter Edition 3.2
AIM 7
Amazon Games & Software Downloader
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Quick Fix Client
AT&T Self Support Tool
AT&T Toolbar
AT&T Wireless Connection Tool
Attansic Ethernet Utility
Attansic L1 Gigabit Ethernet Driver
Audacity 1.2.6
Audit Support Center 1.0
AutoCAD 2006 - English
AutoCAD Civil 3D 2008
Autodesk Design Review 2008
Autodesk DWF Viewer
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
Autodesk Vault 2008
Autodesk Vault 2008
Bing Bar
Bing Bar Platform
Bluebeam PDF Revu v4.7.1
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Compatibility Pack for the 2007 Office system
Creative MediaSource
Creative MediaSource 5
Creative Removable Disk Manager
Creative Software AutoUpdate
Creative System Information
Creative Zen Vision M
Critical Update for Windows Media Player 11 (KB959772)
Download Updater (AOL LLC)
DWG TrueView 2007
Eagle Point
eMusic Download Manager 4.1.3.1
ESET Online Scanner v3
Garmin Communicator Plugin
Garmin USB Drivers
GoodSync
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Document Manager 1.0
HP Imaging Device Functions 10.0
HP LaserJet 3200 Uninstaller
HP Officejet All-In-One Series
HP Photosmart Essential 3.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPDiagnosticAlert
Hydraflow Hydrographs 2004
iTunes
Java(TM) 6 Update 26
JMB36X Raid Configurer
Lizardtech DjVu Control
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Office XP Professional
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MosChip Multi-IO Controller
Mozilla Firefox 8.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
MyPublisher
Nero Suite
NetMos Multi-IO Controller
NVIDIA Drivers
OCR Software by I.R.I.S. 10.0
Pandora
Pandora
PayPal Plug-In
PowerDVD
PowerPanel
QuickBooks Pro 2005
Quicken 2010
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.92
Rhapsody
Rhapsody Player Engine
Rhapsody Player Engine
RoboForm 7-6-3 (All Users)
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Shop for HP Supplies
Sound Blaster X-Fi
Spelling Dictionaries Support For Adobe Reader 8
SUPERAntiSpyware
The Options Toolbox v5.0
TurboTax 2008
TurboTax 2008 wgaiper
TurboTax 2008 wgasbpm
TurboTax 2008 WinBizFedFormset
TurboTax 2008 WinBizProgramHelp
TurboTax 2008 WinBizReleaseEngine
TurboTax 2008 WinBizTaxSupport
TurboTax 2008 WinBizUserEducation
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wgaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wgaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax Business 2007
TurboTax Business 2008
TurboTax Deluxe 2007
TurboTax Home & Business 2007
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
ViewSonic Monitor Drivers
ViewSonic Windows XP Signed Files
VLC media player 1.1.10
WebEx
Windows Defender
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
Yahoo! Autosync
Yahoo! Music Engine
Yahoo! Toolbar



Post by Belahzur on Mon Dec 12, 2011 12:36 am

Hello.
Okay, looks good, just some old programs to update now.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 26

Updating Java:

  • Download the latest version of Java.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-7u1-windows-i586.exe that you downloaded to install the newest version.

Download and install [You must be registered and logged in to see this link.]
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.

How is the machine running now?


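An added example, not part of Belahzur's post and not Security Check's or Java's own code: the "Out of date Java installed!" check written as a Python function over an uninstall list like the one pointman posted. It parses the Add/Remove Programs naming the list uses ("Java(TM) 6 Update 26") and the installer file naming the post uses ("jre-7u1-windows-i586.exe") into (major, update) tuples and flags every entry below the target, so leftover old runtimes (which often remain as separate entries next to the new one) are all caught rather than just the first. The list entries other than the Java 6 line are invented for the sample, and the target release (7 Update 1) is taken from the installer name in the post.

```python
import re

# Constructed sample: the Java line from the uninstall list above plus
# invented neighbours, to show that only versioned JRE entries are considered.
SAMPLE_UNINSTALL_LIST = [
    "Google Chrome",
    "Java(TM) 6 Update 26",
    "Java Auto Updater",            # invented: no version, must be ignored
    "Java 7 Update 1",              # invented: what the new installer would register
    "Malwarebytes' Anti-Malware version 1.51.2.1300",
]

# Add/Remove naming: "Java(TM) 6 Update 26", "Java 7 Update 1" (an entry with
# no "Update n" part is treated as update 0).
ENTRY_RE = re.compile(
    r"^Java(?:\(TM\))?\s+(?P<major>\d+)(?:\s+Update\s+(?P<update>\d+))?\b",
    re.IGNORECASE,
)
# Installer naming from the post: jre-7u1-windows-i586.exe
INSTALLER_RE = re.compile(r"^jre-(?P<major>\d+)u(?P<update>\d+)-", re.IGNORECASE)


def parse_java_version(name):
    """Return (major, update) for a JRE entry or installer file name, else None."""
    s = name.strip()
    for rx in (ENTRY_RE, INSTALLER_RE):
        m = rx.match(s)
        if m:
            return (int(m.group("major")), int(m.group("update") or 0))
    return None


def outdated_java_entries(uninstall_list, target):
    """Entries older than target; tuple comparison orders (6, 26) below (7, 1)."""
    found = []
    for entry in uninstall_list:
        ver = parse_java_version(entry)
        if ver is not None and ver < target:
            found.append(entry)
    return found


if __name__ == "__main__":
    newest = parse_java_version("jre-7u1-windows-i586.exe")
    for entry in outdated_java_entries(SAMPLE_UNINSTALL_LIST, newest):
        print("remove:", entry)
```

Feed it the text of uninstall_list.txt split into lines; anything it prints is an entry to remove in Add/Remove Programs before installing the new runtime.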

Post by pointman on Mon Dec 12, 2011 3:19 am

It seems to be running fine now. Is there anything else I need to do (i.e. delete all the programs you had me download)? I really appreciate your help with my problem.


Post by Belahzur on Wed Dec 14, 2011 10:30 pm

Nope, you're free to go.



Post by pointman on Fri Dec 16, 2011 7:10 pm

Thanks! I just noticed my DVD/CD player will not play a music CD or open a DVD. In Device Manager it says the device is working properly. I don't know if this is a related problem, but thought I would run it by you and see what you thought.


Post by Belahzur on Sat Dec 17, 2011 10:50 pm

It doesn't autorun? Yeah, that is caused by our tools.

Can you launch it using this? [You must be registered and logged in to see this link.]

Install VLC Player, see if you can play the music from CD's now.



Post by pointman on Sun Dec 18, 2011 4:15 am

I already have VLC Player installed. It won't play the DVD either. I can't even use an installation DVD. Strange, huh?
