
Solved System slow and hanging

Discussion in 'Malware and Virus Removal Archive' started by bracklapiper, 2012/01/19.

  1. 2012/01/19
    bracklapiper (Inactive, Thread Starter)

    Joined:
    2010/01/16
    Messages:
    149
    Likes Received:
    1
    [Resolved] System slow and hanging

    Hi, my daughter's laptop is slow and sometimes hangs when opening things up.
    I tried all the checks before and no viruses were coming up in the searches. I then installed the beta version of Spybot and it found problems. Here are the searches I just did for this post.
    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.18.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Donald :: DONALDSLAPTOP [administrator]

    18/01/2012 20:49:38
    mbam-log-2012-01-18 (20-49-38).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 213702
    Time elapsed: 5 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-08-30 20:18:12
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD600BEVS-22LAT0 rev.01.06M01
    Running: d6fsx7x2[1].exe; Driver: C:\DOCUME~1\Donald\LOCALS~1\Temp\awlyikog.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\internet explorer\iexplore.exe[888] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10047D70 C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll (Data Manager/iMesh, Inc)
    .text C:\Program Files\internet explorer\iexplore.exe[888] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 10047CF0 C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll (Data Manager/iMesh, Inc)
    .text C:\Program Files\internet explorer\iexplore.exe[888] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 10047D90 C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll (Data Manager/iMesh, Inc)
    .text C:\Program Files\internet explorer\iexplore.exe[888] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 10047DB0 C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll (Data Manager/iMesh, Inc)
    .text C:\Program Files\internet explorer\iexplore.exe[888] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10047D20 C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll (Data Manager/iMesh, Inc)
    .text C:\Program Files\internet explorer\iexplore.exe[888] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 10047C90 C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll (Data Manager/iMesh, Inc)
    .text C:\Program Files\internet explorer\iexplore.exe[888] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 10047CC0 C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll (Data Manager/iMesh, Inc)
    .text C:\Program Files\internet explorer\iexplore.exe[888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00CC0780 C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll (IEHelper/iMesh, Inc)
    .text C:\Program Files\internet explorer\iexplore.exe[888] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[888] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[888] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[888] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[888] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[888] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[888] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[888] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[888] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[888] SHLWAPI.dll!SHCreateStreamOnFileA + 2066 77FC22BC 5 Bytes JMP 00CBC790 C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll (IEHelper/iMesh, Inc)
    .text C:\Program Files\internet explorer\iexplore.exe[888] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00CC2C50 C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll (IEHelper/iMesh, Inc)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10047D70 C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll (Data Manager/iMesh, Inc)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 10047CF0 C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll (Data Manager/iMesh, Inc)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 10047D90 C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll (Data Manager/iMesh, Inc)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 10047DB0 C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll (Data Manager/iMesh, Inc)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10047D20 C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll (Data Manager/iMesh, Inc)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 10047C90 C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll (Data Manager/iMesh, Inc)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 10047CC0 C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll (Data Manager/iMesh, Inc)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00CC0780 C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll (IEHelper/iMesh, Inc)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] SHLWAPI.dll!SHCreateStreamOnFileA + 2066 77FC22BC 5 Bytes JMP 00CBC790 C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll (IEHelper/iMesh, Inc)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2804] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\internet explorer\iexplore.exe[2804] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  2. 2012/01/19
    bracklapiper (Inactive, Thread Starter)
    Here are some more searches.

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Donald at 22:07:04 on 2012-01-18
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2038.1217 [GMT 0:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
    C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://uk.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\imesha~1\mediabar\toolbar\imeshdtxmltbpi.dll
    BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\progra~1\imesha~1\mediabar\datamngr\IEBHO.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - c:\progra~1\appgra~1\APPGRA~1.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\imesha~1\mediabar\toolbar\imeshdtxmltbpi.dll
    TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
    uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [EPSON Stylus Photo PX700W(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiene.exe /fu "c:\docume~1\donald\locals~1\temp\E_S8.tmp" /EF "HKCU "
    mRun: [SkyTel] SkyTel.EXE
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [DATAMNGR] c:\progra~1\imesha~1\mediabar\datamngr\DATAMN~1.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe "
    mRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\donald\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\camiov~1.lnk - c:\program files\sierra imaging\image expert\IXApplet.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tmmoni~1.lnk - c:\program files\arcsoft\totalmedia 3\TMMonitor.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zdwlan~1.lnk - c:\program files\zydas technology corporation\zydas_802.11g_utility\ZDWlan.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{000AF14A-DA43-4191-999B-D010EFE53C96} : DhcpNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
    Notify: igfxcui - igfxdev.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
    R1 MpKsl6126380a;MpKsl6126380a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c25109c3-c2f2-4cda-8a3e-c27ed99fe22e}\MpKsl6126380a.sys [2012-1-18 29904]
    R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2012-1-9 38504]
    R2 GenPort2;GenPort2;c:\windows\system32\drivers\genport2.sys [2010-9-24 6112]
    R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\spybot - search & destroy 2\SDHookSvc.exe [2012-1-9 130976]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-1-9 892336]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-1-9 955816]
    S2 GenPort;GenPort;c:\windows\system32\drivers\genport.sys [2010-9-24 6112]
    S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2010-1-18 20608]
    S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [2010-1-18 450560]
    UnknownUnknown MpKsl4b1cbeb2;MpKsl4b1cbeb2; [x]
    UnknownUnknown MpKsl56d64457;MpKsl56d64457; [x]
    UnknownUnknown MpKsl5e9af6c2;MpKsl5e9af6c2; [x]
    UnknownUnknown MpKsl63c09ed8;MpKsl63c09ed8; [x]
    UnknownUnknown MpKsl7e7609fc;MpKsl7e7609fc; [x]
    UnknownUnknown MpKsl8ea9e683;MpKsl8ea9e683; [x]
    UnknownUnknown MpKslb26e2b71;MpKslb26e2b71; [x]
    UnknownUnknown MpKslca6e0e50;MpKslca6e0e50; [x]
    UnknownUnknown MpKsled0ef80c;MpKsled0ef80c; [x]
    .
    =============== Created Last 30 ================
    .
    2012-01-18 21:55:05 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c25109c3-c2f2-4cda-8a3e-c27ed99fe22e}\MpKsl6126380a.sys
    2012-01-18 21:50:20 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c25109c3-c2f2-4cda-8a3e-c27ed99fe22e}\mpengine.dll
    2012-01-09 21:26:41 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2012-01-09 21:26:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2012-01-09 21:26:06 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    .
    ==================== Find3M ====================
    .
    2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .
    ============= FINISH: 22:14:01.69 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 18/01/2010 11:28:50
    System Uptime: 18/01/2012 18:32:14 (4 hours ago)
    .
    Motherboard: Notebook | | MIM 2230
    Processor: Intel(R) Celeron(R) M CPU 410 @ 1.46GHz | CPU | 1463/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 40 GiB total, 9.24 GiB free.
    D: is FIXED (FAT32) - 16 GiB total, 10.577 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP476: 17/11/2011 17:26:05 - Software Distribution Service 3.0
    RP477: 18/11/2011 16:53:33 - Software Distribution Service 3.0
    RP478: 19/11/2011 16:53:35 - Software Distribution Service 3.0
    RP479: 20/11/2011 01:55:00 - Software Distribution Service 3.0
    RP480: 20/11/2011 16:53:39 - Software Distribution Service 3.0
    RP481: 21/11/2011 16:53:58 - Software Distribution Service 3.0
    RP482: 22/11/2011 16:53:28 - Software Distribution Service 3.0
    RP483: 23/11/2011 16:53:40 - Software Distribution Service 3.0
    RP484: 24/11/2011 16:54:11 - Software Distribution Service 3.0
    RP485: 25/11/2011 16:57:31 - Software Distribution Service 3.0
    RP486: 26/11/2011 16:55:21 - Software Distribution Service 3.0
    RP487: 27/11/2011 01:53:34 - Software Distribution Service 3.0
    RP488: 27/11/2011 16:54:56 - Software Distribution Service 3.0
    RP489: 28/11/2011 16:56:40 - Software Distribution Service 3.0
    RP490: 29/11/2011 16:55:09 - Software Distribution Service 3.0
    RP491: 30/11/2011 16:54:58 - Software Distribution Service 3.0
    RP492: 01/12/2011 20:34:23 - Software Distribution Service 3.0
    RP493: 04/12/2011 12:52:35 - Software Distribution Service 3.0
    RP494: 05/12/2011 20:13:42 - System Checkpoint
    RP495: 06/12/2011 09:30:56 - Software Distribution Service 3.0
    RP496: 06/12/2011 09:47:50 - Installed Windows Media Player 11
    RP497: 06/12/2011 09:49:43 - Software Distribution Service 3.0
    RP498: 07/12/2011 10:25:57 - System Checkpoint
    RP499: 07/12/2011 22:29:11 - Software Distribution Service 3.0
    RP500: 08/12/2011 00:00:18 - Software Distribution Service 3.0
    RP501: 08/12/2011 22:53:39 - Software Distribution Service 3.0
    RP502: 09/12/2011 22:48:37 - Software Distribution Service 3.0
    RP503: 10/12/2011 23:45:39 - System Checkpoint
    RP504: 12/12/2011 00:17:39 - System Checkpoint
    RP505: 12/12/2011 22:48:10 - Software Distribution Service 3.0
    RP506: 13/12/2011 23:16:42 - System Checkpoint
    RP507: 14/12/2011 23:45:57 - System Checkpoint
    RP508: 15/12/2011 22:50:36 - Software Distribution Service 3.0
    RP509: 16/12/2011 00:00:49 - Software Distribution Service 3.0
    RP510: 17/12/2011 00:46:51 - System Checkpoint
    RP511: 18/12/2011 01:46:52 - System Checkpoint
    RP512: 19/12/2011 00:49:55 - Software Distribution Service 3.0
    RP513: 20/12/2011 00:48:52 - Software Distribution Service 3.0
    RP514: 21/12/2011 01:46:31 - System Checkpoint
    RP515: 22/12/2011 00:50:07 - Software Distribution Service 3.0
    RP516: 24/12/2011 13:24:18 - System Checkpoint
    RP517: 25/12/2011 02:30:31 - Software Distribution Service 3.0
    RP518: 25/12/2011 11:35:11 - Software Distribution Service 3.0
    RP519: 03/01/2012 21:54:05 - Software Distribution Service 3.0
    RP520: 04/01/2012 21:48:01 - Software Distribution Service 3.0
    RP521: 05/01/2012 00:00:29 - Software Distribution Service 3.0
    RP522: 07/01/2012 00:22:44 - Software Distribution Service 3.0
    RP523: 08/01/2012 14:17:54 - System Checkpoint
    RP524: 09/01/2012 14:05:47 - Software Distribution Service 3.0
    RP525: 10/01/2012 14:25:24 - System Checkpoint
    RP526: 11/01/2012 09:34:56 - Software Distribution Service 3.0
    RP527: 12/01/2012 00:00:50 - Software Distribution Service 3.0
    RP528: 12/01/2012 09:29:27 - Software Distribution Service 3.0
    RP529: 18/01/2012 18:20:59 - C
    RP530: 18/01/2012 18:22:36 - Software Distribution Service 3.0
    RP531: 18/01/2012 18:27:39 - Installed ZyDAS IEEE 802.11 b+g Wireless LAN - USB
    RP532: 18/01/2012 18:49:07 - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Any Video Converter 3.0.7
    AppGraffiti
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft TotalMedia 3
    AutoUpdate
    Bagpipe Player
    Bluetooth Stack for Windows
    Bonjour
    Cossacks - The Art Of War
    DivX
    DivX Player
    Epson Easy Photo Print 2
    Epson Event Manager
    Epson Print CD
    EPSON PX700W Series Printer Uninstall
    EPSON Scan
    EPSON Stylus Photo PX700W_PX800FW_TX700W_TX800FW Manual
    EPSON Web-To-Page
    EpsonNet Print
    Family Tree Maker 2009
    FileHippo.com Update Checker
    Foxit Reader 5.0
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Image Expert
    Inbox Toolbar
    Intel(R) Graphics Media Accelerator Driver
    iSofter DVD Ripper Platinum 3.0.2007.228
    iTunes
    Java(TM) 6 Update 27
    Malwarebytes Anti-Malware version 1.60.0.1800
    MediaBar
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft WSE 3.0
    MSN
    MSVCRT
    Nero Suite
    PowerDVD
    QuickTime
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Spotify
    Spybot - Search & Destroy 2
    System Requirements Lab for Intel
    UltraISO V7.62 ME
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    WinRAR archiver
    ZyDAS IEEE 802.11 b+g Wireless LAN - USB
    .
    ==== Event Viewer Messages From Past Week ========
    .
    18/01/2012 18:31:31, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2715.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    18/01/2012 18:31:31, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2715.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    18/01/2012 18:31:31, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2715.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    18/01/2012 18:31:31, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2715.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    18/01/2012 18:31:10, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2715.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    18/01/2012 18:19:37, error: Service Control Manager [7000] - The GenPort service failed to start due to the following error: The parameter is incorrect.
    11/01/2012 09:29:28, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2524.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    .
    ==== End Of File ===========================
     

  4. 2012/01/19
    bracklapiper

    bracklapiper Inactive Thread Starter

    Joined:
    2010/01/16
    Messages:
    149
    Likes Received:
    1
    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-18 22:04:23
    -----------------------------
    22:04:23.119 OS Version: Windows 5.1.2600 Service Pack 3
    22:04:23.119 Number of processors: 1 586 0xE08
    22:04:23.119 ComputerName: DONALDSLAPTOP UserName: Donald
    22:04:23.619 Initialize success
    22:04:28.401 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    22:04:28.401 Disk 0 Vendor: WDC_WD600BEVS-22LAT0 01.06M01 Size: 57231MB BusType: 3
    22:04:28.432 Disk 0 MBR read successfully
    22:04:28.432 Disk 0 MBR scan
    22:04:28.432 Disk 0 Windows XP default MBR code
    22:04:28.463 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 40923 MB offset 63
    22:04:28.463 Disk 0 Partition - 00 0F Extended LBA 16300 MB offset 83811105
    22:04:28.526 Disk 0 Partition 2 00 0B FAT32 MSWIN4.1 16300 MB offset 83811168
    22:04:28.526 Disk 0 scanning sectors +117194175
    22:04:28.635 Disk 0 scanning C:\WINDOWS\system32\drivers
    22:04:54.729 Service scanning
    22:04:55.166 Service MpKsl6126380a c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C25109C3-C2F2-4CDA-8A3E-C27ED99FE22E}\MpKsl6126380a.sys **LOCKED** 32
    22:04:55.760 Modules scanning
    22:05:33.557 Disk 0 trace - called modules:
    22:05:34.088 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    22:05:34.088 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a37fab8]
    22:05:34.088 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000068[0x8a35a9e8]
    22:05:34.088 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a36b940]
    22:05:34.104 Scan finished successfully
    22:06:51.713 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Donald\My Documents\MBR.dat "
    22:06:51.729 The log file has been saved successfully to "C:\Documents and Settings\Donald\My Documents\aswMBR.txt "

    And here is what Spybot found:
    Search results from Spybot - Search & Destroy

    09/01/2012 21:52:28
    Scan took 00:19:07.

    Click.GiftLoad: [SBI $89783858] User settings (Registry Value, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe

    Fraud.Sysguard: [SBI $1D5B98D0] User settings (Registry Value, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes

    Fraud.Sysguard: [SBI $1D5B98D0] User settings (Registry Value, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes

    Right Media: [SBI $7F76510F] Tracking cookie (Internet Explorer (User): Donald) (Browser: Cookie, nothing done)


    CasaleMedia: [SBI $7F76510F] Tracking cookie (Internet Explorer (User): Donald) (Browser: Cookie, nothing done)


    MediaPlex: [SBI $7F76510F] Tracking cookie (Internet Explorer (User): Donald) (Browser: Cookie, nothing done)


    MediaPlex: [SBI $7F76510F] Tracking cookie (Internet Explorer (User): Donald) (Browser: Cookie, nothing done)


    DoubleClick: [SBI $7F76510F] Tracking cookie (Internet Explorer (User): Donald) (Browser: Cookie, nothing done)


    Statcounter: [SBI $7F76510F] Tracking cookie (Internet Explorer (Inactive Users): Kirsty) (Browser: Cookie, nothing done)


    Common Dialogs: [SBI $7F76510F] History (124 files) (Registry Key, nothing done)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

    Log: [SBI $7F76510F] Activity: SchedLgU.Txt (File, nothing done)
    C:\WINDOWS\SchedLgU.Txt
    Properties.size=32060
    Properties.md5=CC7B84A37EDDAA12F0F59106FE9CE51A
    Properties.filedate=1325896317
    Properties.filedatetext=2012-01-07 00:31:56

    Log: [SBI $7F76510F] Activity: imsins.log (File, nothing done)
    C:\WINDOWS\imsins.log
    Properties.size=1393
    Properties.md5=447DD94B497801FEAE822EF4007E7B2A
    Properties.filedate=1323995150
    Properties.filedatetext=2011-12-16 00:25:50

    Log: [SBI $7F76510F] Install: comsetup.log (File, nothing done)
    C:\WINDOWS\comsetup.log
    Properties.size=131143
    Properties.md5=3E385C01E61CB329D4267642D83234EB
    Properties.filedate=1323995150
    Properties.filedatetext=2011-12-16 00:25:50

    Log: [SBI $7F76510F] Install: ocgen.log (File, nothing done)
    C:\WINDOWS\ocgen.log
    Properties.size=203229
    Properties.md5=5E6CD73B1931371A300E2EE70F988977
    Properties.filedate=1323995150
    Properties.filedatetext=2011-12-16 00:25:50

    Log: [SBI $7F76510F] Install: setupact.log (File, nothing done)
    C:\WINDOWS\setupact.log
    Properties.size=120
    Properties.md5=BEED859862DD30EC68C84C61AB7417EB
    Properties.filedate=1314700285
    Properties.filedatetext=2011-08-30 10:31:24

    Log: [SBI $7F76510F] Install: setupapi.log (File, nothing done)
    C:\WINDOWS\setupapi.log
    Properties.size=393483
    Properties.md5=68826FB674CFB0A6EE624D0912458C6C
    Properties.filedate=1326144498
    Properties.filedatetext=2012-01-09 21:28:18

    Log: [SBI $7F76510F] Install: wmsetup.log (File, nothing done)
    C:\WINDOWS\wmsetup.log
    Properties.size=9007
    Properties.md5=4F3994A06B8B264A41AC8C74F3DADE69
    Properties.filedate=1323302542
    Properties.filedatetext=2011-12-08 00:02:21

    Log: [SBI $7F76510F] Shutdown: System32\wbem\logs\mofcomp.log (File, nothing done)
    C:\WINDOWS\System32\wbem\logs\mofcomp.log
    Properties.size=3051
    Properties.md5=27F0C68B6FDA0DA88F1FA5B19819B0EE
    Properties.filedate=1325895789
    Properties.filedatetext=2012-01-07 00:23:09

    Log: [SBI $7F76510F] Shutdown: System32\wbem\logs\wbemcore.log (File, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemcore.log
    Properties.size=12847
    Properties.md5=7EF0BEC0EEB75EFBDE0C01199FA58D98
    Properties.filedate=1326143143
    Properties.filedatetext=2012-01-09 21:05:42

    Log: [SBI $7F76510F] Shutdown: System32\wbem\logs\wbemess.lo_ (File, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.lo_
    Properties.size=65553
    Properties.md5=15B49C9359ED7B7C83678119D4AD2029
    Properties.filedate=1323165890
    Properties.filedatetext=2011-12-06 10:04:50

    Log: [SBI $7F76510F] Shutdown: System32\wbem\logs\wbemess.log (File, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.log
    Properties.size=52631
    Properties.md5=6209A2771A5855CD26B020CAF1973154
    Properties.filedate=1326144410
    Properties.filedatetext=2012-01-09 21:26:49

    Log: [SBI $7F76510F] Shutdown: System32\wbem\logs\wbemprox.log (File, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemprox.log
    Properties.size=2801
    Properties.md5=0E81A28CB3539FCEF931BC0DCAB0A3C2
    Properties.filedate=1323163070
    Properties.filedatetext=2011-12-06 09:17:49

    Log: [SBI $7F76510F] Shutdown: System32\wbem\logs\winmgmt.log (File, nothing done)
    C:\WINDOWS\System32\wbem\logs\winmgmt.log
    Properties.size=94
    Properties.md5=2650EBA16782FFA8FDEC95D3D718FE3B
    Properties.filedate=1314746924
    Properties.filedatetext=2011-08-30 23:28:43

    Log: [SBI $7F76510F] Shutdown: System32\wbem\logs\wmiadap.log (File, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiadap.log
    Properties.size=414
    Properties.md5=AE0E23DB93C702F90261D947442FF2F3
    Properties.filedate=1318547794
    Properties.filedatetext=2011-10-13 23:16:33

    Log: [SBI $7F76510F] Shutdown: System32\wbem\logs\wmiprov.log (File, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiprov.log
    Properties.size=8461
    Properties.md5=0A410B465A4C5D12E1237B5C2F68A1A4
    Properties.filedate=1326031340
    Properties.filedatetext=2012-01-08 14:02:20

    Ahead Nero Burning Rom: [SBI $F9C5E63A] Last encoding directory (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Ahead\Nero - Burning Rom\Settings\EncodingLastDir

    Ahead Nero Burning Rom: [SBI $DE353278] Browser directory (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Ahead\Nero - Burning Rom\Settings\BrowserDir

    Ahead Nero Burning Rom: [SBI $F3FD92E9] Working directory (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Ahead\Nero - Burning Rom\Settings\WorkingDir

    Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\Internet Explorer\TypedURLs

    Internet Explorer: [SBI $D9A946AF] Last used directory (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Internet Explorer\Main\Save Directory

    Internet Explorer: [SBI $FF589D0C] Download directory (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Internet Explorer\Download Directory

    Internet Explorer: [SBI $FF589D0C] Download directory (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\Internet Explorer\Download Directory

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Microsoft Management Console\Recent File List

    MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\Microsoft Management Console\Recent File List

    MS Media Player: [SBI $E48560B4] Recent file list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\MediaPlayer\Player\RecentFileList

    MS Media Player: [SBI $8E65C0EE] Last opened playlist (Registry Value, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist

    MS Media Player: [SBI $8E65C0EE] Last opened playlist (Registry Value, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist

    MS Media Player: [SBI $1BDA487B] Last selected track index (Registry Value, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex

    MS Media Player: [SBI $1BDA487B] Last selected track index (Registry Value, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex

    MS Media Player: [SBI $3B46EBCE] Manually modified tags history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\MediaPlayer\AutoComplete\MediaEdit

    MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

    MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-19\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

    MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

    MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

    MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

    MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

    MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\DirectInput\MostRecentApplication\Name

    MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\DirectInput\MostRecentApplication\Id

    MS Office 12.0: [SBI $31A61065] Internet history (Registry Value, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Office\12.0\Common\Internet\UseRWHlinkNavigation

    MS Office 12.0: [SBI $31A61065] Internet history (Registry Value, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\Office\12.0\Common\Internet\UseRWHlinkNavigation

    MS Office 12.0 (Excel): [SBI $546355D5] Recent Cartel List (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Office\12.0\Excel\File MRU

    MS Office 12.0 (Excel): [SBI $546355D5] Recent Cartel List (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\Office\12.0\Excel\File MRU

    MS Office 12.0 (PowerPoint): [SBI $242E8728] Recent Slideshow List (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Office\12.0\PowerPoint\File MRU

    MS Office 12.0 (PowerPoint): [SBI $242E8728] Recent Slideshow List (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\Office\12.0\PowerPoint\File MRU

    MS Office 12.0 (Publisher): [SBI $CBBE5E84] Recent Publication List (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Office\12.0\Publisher\Recent File List

    MS Office 12.0 (Publisher): [SBI $CBBE5E84] Recent Publication List (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\Office\12.0\Publisher\Recent File List

    MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Office\12.0\Word\File MRU

    MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\Office\12.0\Word\File MRU

    MS Regedit: [SBI $C3B62FC1] Recent open key (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Windows.OpenWith: [SBI $48691F6C] Open with list - .ASD extension (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASD\OpenWithList

    Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

    Windows.OpenWith: [SBI $C8454735] Open with list - .BIF extension (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIF\OpenWithList

    Windows.OpenWith: [SBI $691C1B44] Open with list - .BIN extension (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList

    Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

    Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

    Windows.OpenWith: [SBI $63036C95] Open with list - .CAB extension (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CAB\OpenWithList

    Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

    Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

    Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

    Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: [SBI $B7EBA926] Last visited history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

    Windows Explorer: [SBI $B7EBA926] Last visited history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

    Windows Explorer: [SBI $85C2C910] Last Copy/MoveTo folder (Registry Value, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\WinRAR\ArcHistory

    WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\WinRAR\General\LastFolder

    WinRAR: [SBI $B510882E] Extraction directory history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1957994488-725345543-1004\Software\WinRAR\DialogEditHistory\ExtrPath

    Cookie: [SBI $49804B54] Browser: Cookie (131) (Browser: Cookie, nothing done)


    Cache: [SBI $49804B54] Browser: Cache (1717) (Browser: Cache, nothing done)


    History: [SBI $49804B54] Browser: History (34) (Browser: History, nothing done)


    Cookie: [SBI $49804B54] Browser: Cookie (192) (Browser: Cookie, nothing done)



    --- Spybot - Search & Destroy version: 2.0.6.131 DLL (build: 20111005) ---

    2011-10-05 blindman.exe (2.0.6.151)
    2011-10-05 explorer.exe (2.0.6.170)
    2003-04-18 ntrights.exe
    2011-10-05 SDBootCD.exe (2.0.6.108)
    2011-10-05 SDCleaner.exe (2.0.6.106)
    2011-10-05 SDDelFile.exe (2.0.6.94)
    2011-10-05 SDFiles.exe (2.0.6.127)
    2011-10-05 SDFSSvc.exe (2.0.6.196)
    2011-10-05 SDHookHelper.exe (2.0.6.1)
    2011-10-05 SDHookInst32.exe (2.0.6.1)
    2011-10-05 SDHookSvc.exe (2.0.6.1)
    2011-10-05 SDImmunize.exe (2.0.6.125)
    2011-10-05 SDLogReport.exe (2.0.6.104)
    2011-10-05 SDMain.exe (2.0.6.92)
    2011-10-05 SDPhoneScan.exe (2.0.6.27)
    2011-10-05 SDPrepPos.exe (2.0.6.10)
    2011-10-05 SDQuarantine.exe (2.0.6.102)
    2011-10-05 SDRootAlyzer.exe (2.0.6.114)
    2011-10-05 SDScan.exe (2.0.6.170)
    2011-10-05 SDSettings.exe (2.0.6.112)
    2011-10-05 SDShred.exe (2.0.6.104)
    2011-10-05 SDSysRepair.exe (2.0.6.101)
    2011-10-05 SDTools.exe (2.0.6.141)
    2011-10-05 SDTray.exe (2.0.6.122)
    2011-10-05 SDUpdate.exe (2.0.6.84)
    2011-10-05 SDUpdSvc.exe (2.0.6.76)
    2011-10-05 SDWelcome.exe (2.0.6.119)
    2012-01-09 unins000.exe (51.52.0.0)
    1999-12-02 xcacls.exe
    2007-04-02 aports.dll (2.1.0.0)
    2006-03-03 borlndmm.dll (10.0.2288.42451)
    2010-09-06 DelZip190.dll (1.9.0.87)
    2009-10-01 pcrelib.dll
    2011-10-05 SDAdvancedCheckLibrary.dll (2.0.6.98)
    2011-10-05 SDDialogs.dll (2.0.6.13)
    2011-10-05 SDECon32.dll (2.0.6.113)
    2011-10-05 SDEvents.dll (2.0.6.2)
    2011-10-05 SDHelper.dll (2.0.6.88)
    2011-10-05 SDHook32.dll (2.0.6.1)
    2011-10-05 SDImmunizeLibrary.dll (2.0.6.1)
    2011-10-05 sdinsTasks.dll (1.0.0.10)
    2011-10-05 SDLists.dll (2.0.6.4)
    2011-10-05 SDResources.dll (2.0.6.1)
    2011-10-05 SDScanLibrary.dll (2.0.6.131)
    2011-10-05 SDWinLogon.dll (2.0.6.0)
    2011-04-20 sqlite3.dll
    2011-10-05 Tools.dll (2.0.6.36)
    2011-10-05 UninsSrv.dll (1.0.0.0)
    2011-03-18 Includes\Adware.sbi (*)
    2011-05-09 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-03-08 Includes\DialerC.sbi (*)
    2011-02-24 Includes\HeavyDuty.sbi (*)
    2011-03-29 Includes\Hijackers.sbi (*)
    2011-03-29 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2011-03-08 Includes\KeyloggersC.sbi (*)
    2011-04-05 Includes\Malware.sbi (*)
    2011-05-09 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2011-03-15 Includes\PUPSC.sbi (*)
    2011-02-24 Includes\Security.sbi (*)
    2011-05-03 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-02-24 Includes\Spyware.sbi (*)
    2011-05-10 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti (*)
    2010-12-28 Includes\Trojans.sbi (*)
    2011-05-11 Includes\TrojansC-02.sbi (*)
    2011-05-11 Includes\TrojansC-03.sbi (*)
    2011-05-11 Includes\TrojansC-04.sbi (*)
    2011-05-11 Includes\TrojansC-05.sbi (*)
    2011-05-11 Includes\TrojansC.sbi (*)
     
  5. 2012/01/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart your computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the tool below, named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.

    There are 4 different versions. If one of them won't run, then download and try to run another one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2012/01/19
    bracklapiper

    bracklapiper Inactive Thread Starter

    Joined:
    2010/01/16
    Messages:
    149
    Likes Received:
    1
    ComboFix 12-01-19.01 - Donald 19/01/2012 21:12:52.6.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2038.1416 [GMT 0:00]
    Running from: c:\documents and settings\Donald\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\EventSystem.log
    c:\windows\system32\drivers\etc\hosts.ics
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-18 21:50 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C25109C3-C2F2-4CDA-8A3E-C27ED99FE22E}\mpengine.dll
    2012-01-09 21:26 . 2012-01-19 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2012-01-09 21:26 . 2009-01-25 13:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2012-01-09 21:26 . 2012-01-09 21:26 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-10 15:24 . 2010-07-10 23:12 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-25 21:57 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-21 10:47 . 2011-04-09 11:00 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-11-18 12:35 . 2004-08-04 12:00 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21 . 2004-08-04 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21 . 2004-08-04 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
    2011-11-04 19:20 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 15:28 . 2004-08-04 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-03 15:28 . 2004-08-04 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
    2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:33 . 2004-08-04 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
    2011-01-24 15:45 89008 ----a-w- c:\progra~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
    2011-02-08 15:47 721288 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{28387537-e3f9-4ed7-860c-11e69af4a8a0}"="c:\progra~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll" [2011-01-24 89008]
    .
    [HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
    "RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-02-14 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
    "Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2011-10-05 3025304]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    c:\documents and settings\Donald\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Camio Viewer.lnk - c:\program files\Sierra Imaging\Image Expert\IXApplet.exe [2010-1-18 103936]
    TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3\TMMonitor.exe [2010-1-23 249856]
    ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
    .
    R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [09/01/2012 21:26 38504]
    R2 GenPort2;GenPort2;c:\windows\system32\drivers\genport2.sys [24/09/2010 14:25 6112]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [09/01/2012 21:26 892336]
    S2 GenPort;GenPort;c:\windows\system32\drivers\genport.sys [24/09/2010 14:25 6112]
    S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [09/01/2012 21:26 130976]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [09/01/2012 21:26 955816]
    S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [18/01/2010 11:49 450560]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-19 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-01-09 15:46]
    .
    2012-01-19 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
    .
    2012-01-19 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-01-09 15:46]
    .
    2012-01-18 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-01-09 15:46]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://uk.yahoo.com/
    uInternet Settings,ProxyOverride = *.local;<local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-SDWinLogon - SDWinLogon.dll
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-19 21:18
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(840)
    c:\windows\system32\mswsock.dll
    c:\windows\System32\wshtcpip.dll
    .
    Completion time: 2012-01-19 21:21:24
    ComboFix-quarantined-files.txt 2012-01-19 21:21
    .
    Pre-Run: 9,743,380,480 bytes free
    Post-Run: 9,838,166,016 bytes free
    .
    - - End Of File - - 6591A7B224CA45750A2911B24E2A91F1
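A triage helper for the "Reg Loading Points" section of a ComboFix log like the one just posted, added here as an example; it is not code from the thread or from ComboFix, and its sample lines are constructed after that log's line formats. It collects the autostart entries and flags the ones a log reader checks first: a BHO CLSID with no DLL listed behind it, an image given as a bare filename, and a startup shortcut whose target ComboFix could not find ([N/A]).

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample, modelled on the "Reg Loading Points" section of a
# ComboFix log (same line shapes as the log posted above; not a real capture).
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-01-24 15:45 89008 ----a-w- c:\progra~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"="c:\progra~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll" [2011-01-24 89008]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [N/A]
.
"""


@dataclass
class AutostartEntry:
    kind: str        # "bho", "regvalue" or "startup"
    location: str    # registry key or Startup folder the entry lives in
    name: str        # value name, BHO CLSID or shortcut name
    path: str        # image path exactly as ComboFix printed it ("" if none)
    info: str        # trailing "[date size]" detail, "N/A" when ComboFix had none
    flags: List[str] = field(default_factory=list)


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')
FILE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+)\s+\S+\s+(?P<path>.+)$")
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<info>[^\]]*)\]$")


def parse_loading_points(text: str) -> List[AutostartEntry]:
    """Collect every autostart entry in a ComboFix 'Reg Loading Points' dump."""
    entries: List[AutostartEntry] = []
    key = ""       # registry key currently being listed
    folder = ""    # Startup folder currently being listed
    bho = None     # BHO entry still waiting for its DLL line
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", ".", "REGEDIT4"):
            continue
        m = KEY_RE.match(line)
        if m:
            key, folder, bho = m.group("key"), "", None
            if "Browser Helper Objects" in key:
                # The CLSID is the last path component; the DLL, if any, is on the next line.
                bho = AutostartEntry("bho", key, key.rsplit("\\", 1)[-1], "", "")
                entries.append(bho)
            continue
        if line.endswith("\\") and not line.startswith('"'):
            key, folder, bho = "", line, None      # a Startup folder header
            continue
        m = FILE_RE.match(line)
        if m and bho is not None:
            bho.path = m.group("path")
            bho.info = f"{m.group('date')} {m.group('size')}"
            bho = None
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append(AutostartEntry("regvalue", key, m.group("name"),
                                          m.group("path"), m.group("info")))
            continue
        m = LNK_RE.match(line)
        if m and folder:
            entries.append(AutostartEntry("startup", folder, m.group("name"),
                                          m.group("path"), m.group("info")))
    for e in entries:
        _annotate(e)
    return entries


def _annotate(e: AutostartEntry) -> None:
    """Attach the review flags a log reader checks first."""
    if e.kind == "bho" and not e.path:
        e.flags.append("BHO CLSID registered but no DLL listed (orphaned or hidden)")
    if e.info.upper() == "N/A":
        e.flags.append("target file not found at scan time")
    if e.path and "\\" not in e.path:
        e.flags.append("bare filename: located through the PATH search order")


def flagged(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    return [e for e in entries if e.flags]


def triage_report(text: str) -> List[str]:
    """One line per flagged entry, in log order."""
    return [f"{e.kind}: {e.name} -> {e.path or '(no file)'}: {'; '.join(e.flags)}"
            for e in flagged(parse_loading_points(text))]


if __name__ == "__main__":
    for report_line in triage_report(SAMPLE_LOG):
        print(report_line)
```

Paste the full "Reg Loading Points" section of a real log in place of SAMPLE_LOG to get the same report for it; the unflagged entries are still in the returned list for manual review.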
     
  7. 2012/01/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. 2012/01/19
    bracklapiper

    bracklapiper Inactive Thread Starter

    Joined:
    2010/01/16
    Messages:
    149
    Likes Received:
    1
    OTL logfile created on: 19/01/2012 22:59:51 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Donald\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.31% Memory free
    3.84 Gb Paging File | 3.27 Gb Available in Paging File | 85.16% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 39.96 Gb Total Space | 9.19 Gb Free Space | 22.98% Space Free | Partition Type: NTFS
    Drive D: | 15.90 Gb Total Space | 10.58 Gb Free Space | 66.51% Space Free | Partition Type: FAT32

    Computer Name: DONALDSLAPTOP | User Name: Donald | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/19 22:57:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donald\Desktop\OTL.exe
    PRC - [2011/10/05 15:46:52 | 003,578,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    PRC - [2011/10/05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2011/02/08 15:46:58 | 001,115,568 | ---- | M] (iMesh, Inc) -- C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
    PRC - [2010/08/09 12:47:54 | 000,248,832 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/01/25 15:33:20 | 000,249,856 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
    PRC - [2001/10/30 12:58:24 | 000,103,936 | ---- | M] (Sierra Imaging) -- C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/08 14:06:29 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
    MOD - [2012/01/08 14:05:55 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll
    MOD - [2012/01/05 00:16:02 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2011/10/13 23:19:46 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
    MOD - [2011/10/13 23:17:10 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
    MOD - [2011/10/13 23:17:02 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
    MOD - [2011/10/13 23:16:42 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
    MOD - [2011/10/13 23:14:36 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
    MOD - [2011/10/13 23:13:57 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
    MOD - [2011/10/05 13:53:06 | 000,576,000 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
    MOD - [2011/04/20 12:39:12 | 000,565,827 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    MOD - [2011/02/06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/01/24 15:45:36 | 000,089,008 | ---- | M] () -- C:\Program Files\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll
    MOD - [2007/04/02 12:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
    MOD - [2005/08/05 16:24:00 | 000,028,672 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3\uPiApi.dll
    MOD - [2004/07/20 17:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/10/05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)
    SRV - [2011/10/05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
    SRV - [2011/10/05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
    SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/10/05 15:45:46 | 000,038,504 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys -- (SDHookDriver)
    DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2008/11/07 21:15:40 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2008/04/13 18:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
    DRV - [2007/02/06 15:05:14 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32)
    DRV - [2006/09/28 11:47:48 | 000,283,776 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
    DRV - [2006/06/27 14:32:02 | 000,450,560 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
    DRV - [2006/06/27 14:32:02 | 000,450,560 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(SMC)) 802.11g Wireless USB2.0 Adapter Driver(SMC)
    DRV - [2006/05/16 17:32:58 | 004,275,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2005/12/23 10:25:10 | 000,006,861 | R--- | M] (Conexant Systems, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UIUSYS.SYS -- (UIUSys)
    DRV - [2005/06/08 18:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BRGSp50.sys -- (BRGSp50)
    DRV - [2004/10/25 13:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
    DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [1998/12/23 19:23:34 | 000,006,112 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\genport2.sys -- (GenPort2)
    DRV - [1998/12/23 18:20:34 | 000,006,112 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\genport.sys -- (GenPort)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577



    IE - HKU\S-1-5-21-861567501-1957994488-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
    IE - HKU\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
    FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)


    [2010/08/26 22:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Donald\Application Data\Mozilla\Extensions
    [2010/08/26 22:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Donald\Application Data\Mozilla\Extensions\home2@tomtom.com
    File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

    O1 HOSTS File: ([2012/01/19 21:18:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll ()
    O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
    O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll ()
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKU\S-1-5-21-861567501-1957994488-725345543-1004\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKU\S-1-5-21-861567501-1957994488-725345543-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-861567501-1957994488-725345543-1004..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (Sierra Imaging)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe (ArcSoft, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-861567501-1957994488-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-861567501-1957994488-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-861567501-1957994488-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-861567501-1957994488-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab (SysInfo Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77B6BB3F-694B-44C2-8C49-68119F0221E3}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Donald\My Documents\My Pictures\finn 2.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Donald\My Documents\My Pictures\finn 2.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/01/18 11:26:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/19 22:57:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Donald\Desktop\OTL.exe
    [2012/01/19 21:10:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/01/19 21:10:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/01/19 21:10:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/01/19 21:10:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/01/19 21:05:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/19 21:02:12 | 004,388,139 | R--- | C] (Swearware) -- C:\Documents and Settings\Donald\Desktop\ComboFix.exe
    [2012/01/18 21:54:52 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Donald\Desktop\dds.scr
    [2012/01/18 21:53:46 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Donald\Desktop\aswMBR.exe
    [2012/01/18 18:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZyDAS IEEE 802.11 b+g Wireless LAN - USB
    [2012/01/09 21:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2012/01/09 21:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
    [2012/01/09 21:26:14 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
    [2012/01/09 21:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2

    ========== Files - Modified Within 30 Days ==========

    [2012/01/19 22:57:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donald\Desktop\OTL.exe
    [2012/01/19 21:18:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/01/19 21:08:41 | 004,388,139 | R--- | M] (Swearware) -- C:\Documents and Settings\Donald\Desktop\ComboFix.exe
    [2012/01/19 20:28:53 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2012/01/19 20:25:57 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
    [2012/01/19 20:22:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/01/19 10:31:57 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2012/01/18 22:06:51 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Donald\My Documents\MBR.dat
    [2012/01/18 21:54:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Donald\Desktop\dds.scr
    [2012/01/18 21:53:49 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Donald\Desktop\aswMBR.exe
    [2012/01/18 20:57:28 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Donald\Desktop\yz3jqeq0.exe
    [2012/01/18 18:41:10 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
    [2012/01/18 18:28:01 | 000,001,860 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk
    [2012/01/18 18:18:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/01/12 00:12:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/01/09 21:53:34 | 000,000,082 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2012/01/09 21:26:23 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
    [2012/01/09 21:18:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/05 00:17:38 | 000,466,814 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/01/05 00:17:38 | 000,081,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2012/01/19 21:10:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/01/19 21:10:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/01/19 21:10:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/01/19 21:10:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/01/19 21:10:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/01/18 22:06:51 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Donald\My Documents\MBR.dat
    [2012/01/18 20:57:03 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Donald\Desktop\yz3jqeq0.exe
    [2012/01/18 18:28:01 | 000,001,860 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk
    [2012/01/09 21:53:34 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2012/01/09 21:26:51 | 000,000,336 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2012/01/09 21:26:51 | 000,000,322 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
    [2012/01/09 21:26:49 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
    [2012/01/09 21:26:24 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2012/01/09 21:26:23 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
    [2012/01/09 21:18:41 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2010/10/05 02:49:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/09/24 14:25:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
    [2010/09/24 14:25:29 | 000,006,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\genport2.sys
    [2010/09/24 14:25:29 | 000,006,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\genport.sys
    [2010/07/07 12:01:25 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/05/21 15:45:42 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
    [2010/03/20 21:30:30 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/03/20 21:30:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/03/20 21:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2010/03/19 21:08:38 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2010/02/11 05:26:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
    [2010/02/10 16:10:03 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\E_ADDNET.DAT
    [2010/02/10 15:29:13 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2010/02/10 15:29:13 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2010/02/10 15:29:13 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2010/02/10 15:29:13 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2010/02/10 15:29:13 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2010/02/10 15:29:13 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2010/02/10 15:29:13 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2010/02/10 15:29:13 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2010/02/10 15:29:13 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2010/02/10 15:29:13 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
    [2010/02/10 15:29:13 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2010/02/10 15:29:13 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2010/02/10 15:29:13 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2010/02/10 15:29:13 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2010/02/10 15:29:13 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2010/02/10 15:29:13 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
    [2010/02/10 15:29:13 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
    [2010/02/10 15:29:13 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2010/02/10 15:29:13 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2010/01/30 19:59:07 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2010/01/30 17:13:54 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2010/01/28 17:10:11 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Donald\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/23 15:25:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
    [2010/01/23 15:16:58 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\AF15IRTBL.bin
    [2010/01/18 14:28:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/01/18 11:51:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2010/01/18 11:49:04 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2010/01/18 11:49:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
    [2010/01/18 11:49:04 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
    [2010/01/18 11:28:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/01/18 11:23:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/01/16 18:14:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/01/16 18:13:33 | 000,281,336 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2004/12/02 15:20:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
    [2004/09/22 10:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
    [2004/09/01 15:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
    [2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 12:00:00 | 000,466,814 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 12:00:00 | 000,081,646 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
    [2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
    [2003/07/29 15:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
    [2001/09/04 13:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/09/04 13:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

    ========== LOP Check ==========

    [2011/03/14 16:20:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/02/10 16:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2010/03/19 21:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2011/03/10 15:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
    [2010/08/26 22:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2011/09/06 08:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
    [2010/02/10 15:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2011/03/11 16:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/06/15 18:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
    [2010/03/19 19:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\AnvSoft
    [2011/10/19 21:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\AppGraffiti
    [2010/01/29 15:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2010/01/30 21:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/10/23 20:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\ElevatedDiagnostics
    [2011/01/31 20:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Epson
    [2011/06/15 19:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\imeshbandmltbpi
    [2011/06/15 19:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\mediabarim
    [2011/03/09 19:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Sports Interactive
    [2010/08/26 22:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\TomTom
    [2011/04/08 12:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\uTorrent
    [2011/09/12 18:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty.DONALDSLAPTOP\Application Data\AppGraffiti
    [2011/06/04 16:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty.DONALDSLAPTOP\Application Data\com.w3i.intune
    [2011/09/21 14:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty.DONALDSLAPTOP\Application Data\Epson
    [2011/05/24 20:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty.DONALDSLAPTOP\Application Data\imeshbandmltbpi
    [2011/10/09 15:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty.DONALDSLAPTOP\Application Data\Inbox Toolbar
    [2011/05/24 20:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty.DONALDSLAPTOP\Application Data\mediabarim
    [2011/12/01 09:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty.DONALDSLAPTOP\Application Data\Spotify
    [2012/01/19 20:25:57 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
    [2012/01/19 20:28:53 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2012/01/19 10:31:57 | 000,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2012/01/18 18:41:10 | 000,000,322 | ---- | M] () -- C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/01/18 11:26:51 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/01/18 11:20:58 | 000,000,251 | ---- | M] () -- C:\Boot.bak
    [2010/07/09 12:11:55 | 000,000,321 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2012/01/19 21:21:24 | 000,009,770 | ---- | M] () -- C:\ComboFix.txt
    [2010/01/18 11:26:51 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/01/18 11:26:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/09/06 08:14:28 | 000,024,962 | ---- | M] () -- C:\JavaRa.log
    [2010/01/18 11:26:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/01/20 20:01:16 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/01/19 20:22:23 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/07/09 12:35:29 | 000,000,371 | ---- | M] () -- C:\rkill.log
    [2010/03/21 19:45:00 | 000,000,000 | ---- | M] () -- C:\statistics.xml

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/01/18 11:26:23 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/11/23 22:00:11 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\Donald\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/01/16 18:12:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2010/01/16 18:12:38 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2010/01/16 18:12:38 | 000,880,640 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/01/20 20:08:18 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/01/18 11:35:07 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Donald\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/01/18 11:35:07 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Donald\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/08/05 21:14:06 | 012,124,624 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Donald\Desktop\AdobeAIRInstaller.exe
    [2012/01/18 21:53:49 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Donald\Desktop\aswMBR.exe
    [2012/01/19 21:08:41 | 004,388,139 | R--- | M] (Swearware) -- C:\Documents and Settings\Donald\Desktop\ComboFix.exe
    [2012/01/19 22:57:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donald\Desktop\OTL.exe
    [2010/07/11 01:17:53 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donald\Desktop\TFC.exe
    [2012/01/18 20:57:28 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Donald\Desktop\yz3jqeq0.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/09/09 22:21:28 | 093,393,016 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Donald\My Documents\avg_free_stf_en_90_851a3009.exe
    [2010/02/17 22:35:21 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Donald\My Documents\spybotsd162.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/01/18 11:35:07 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Donald\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
    No captured output from command...

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    No captured output from command...

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/01/19 21:21:27 | 000,065,536 | -HS- | M] () -- C:\Documents and Settings\Donald\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 00:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 14:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 17:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 00:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 18:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 18:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 18:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  9. 2012/01/19
    bracklapiper

    bracklapiper Inactive Thread Starter

    Joined:
    2010/01/16
    Messages:
    149
    Likes Received:
    1
Won't let me post the Extras log; it says I have 9 images included and only 8 are allowed. Thank you for the help on this subject so far.
     
  10. 2012/01/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  11. 2012/01/20
    bracklapiper

    bracklapiper Inactive Thread Starter

    Joined:
    2010/01/16
    Messages:
    149
    Likes Received:
    1
  12. 2012/01/20
    bracklapiper

    bracklapiper Inactive Thread Starter

    Joined:
    2010/01/16
    Messages:
    149
    Likes Received:
    1
Sorry, didn't check properly.

Extras log (file storage online): http://www.filedropper.com/extras_4
     
  13. 2012/01/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OTL Extras logfile created on: 19/01/2012 22:59:51 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Donald\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.31% Memory free
    3.84 Gb Paging File | 3.27 Gb Available in Paging File | 85.16% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 39.96 Gb Total Space | 9.19 Gb Free Space | 22.98% Space Free | Partition Type: NTFS
    Drive D: | 15.90 Gb Total Space | 10.58 Gb Free Space | 66.51% Space Free | Partition Type: FAT32

    Computer Name: DONALDSLAPTOP | User Name: Donald | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
     
  14. 2012/01/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\ArcSoft\TotalMedia 3\TotalMedia.exe" = C:\Program Files\ArcSoft\TotalMedia 3\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3 -- (ArcSoft, Inc.)
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
    "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 27
    "{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{581CE7EA-A30D-0000-1211-088635773309}" = ZyDAS IEEE 802.11 b+g Wireless LAN - USB
    "{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{84DDA651-FA15-4DF2-8AE8-E98FA329B1CD}" = System Requirements Lab for Intel
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows
    "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FF68083C-E11E-4A91-B54B-CD72AB5A0CF5}" = ArcSoft TotalMedia 3
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Any Video Converter_is1" = Any Video Converter 3.0.7
    "Bagpipe Player" = Bagpipe Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Cossacks : The Art Of War" = Cossacks - The Art Of War
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON PX700W Series" = EPSON PX700W Series Printer Uninstall
    "EPSON Scanner" = EPSON Scan
    "EPSON Stylus Photo PX700W_PX800FW_TX700W_TX800FW User’s Guide" = EPSON Stylus Photo PX700W_PX800FW_TX700W_TX800FW Manual
    "FileHippo.com" = FileHippo.com Update Checker
    "Foxit Reader_is1" = Foxit Reader 5.0
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "ie8" = Windows Internet Explorer 8
    "Image Expert" = Image Expert
    "iMesh 1 MediaBar" = MediaBar
    "iSofter DVD Ripper Platinum_is1" = iSofter DVD Ripper Platinum 3.0.2007.228
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "Spotify" = Spotify
    "UltraISO_is1" = UltraISO V7.62 ME
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
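The two firewall sections in the Extras log above (GloballyOpenPorts in the previous post, Authorized Applications in this one) use the XP firewall policy value format: `port:proto:scope:state:name` for ports and `path:scope:state:name` for applications, with OTL appending ` -- (Company)` where it could read a file version. The following is an added example, not code from this thread, from OTL or from the Windows firewall itself: it parses those lines back into records and lists the enabled application exceptions that live outside %SystemRoot%, which is the subset an analyst reads first. The sample lines are constructed from the log above (with the forum's `:mad:` emoticon restored to the literal `:@` resource reference); the list-header regex and the "outside %SystemRoot%" filter are this example's own assumptions about what is worth surfacing, not OTL's.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape OTL Extras uses for the XP firewall policy
# keys (taken in form from the log in this thread; the forum's ":mad:" emoticon
# is restored to the literal ":@" resource-string reference it mangled).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"""


@dataclass
class FirewallException:
    profile: str            # "DomainProfile" or "StandardProfile"
    kind: str               # "port" or "application"
    target: str             # "1900:UDP" for ports, the executable path for applications
    scope: str              # "*" (any address) or "LocalSubNet"
    enabled: bool
    name: str               # display name, or an "@dll,-id" resource-string reference
    company: Optional[str]  # OTL's trailing " -- (Company)" annotation, if present


# Assumption: only the two per-profile "...\List" keys carry exception values.
KEY_HEADER = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(\w+)\\"
    r"(GloballyOpenPorts|AuthorizedApplications)\\List\]$"
)
VALUE_LINE = re.compile(r'^"(?P<key>[^"]+)" = (?P<value>.*)$')
COMPANY_SUFFIX = re.compile(r"\s+--\s+\((?P<company>[^)]*)\)\s*$")


def parse_firewall_exceptions(text: str) -> List[FirewallException]:
    """Turn the OTL Extras firewall lines into structured records."""
    results: List[FirewallException] = []
    profile = kind = None
    for raw in text.splitlines():
        line = raw.strip()          # the forum indents every log line
        if not line:
            continue
        header = KEY_HEADER.match(line)
        if header:
            profile = header.group(1)
            kind = "port" if header.group(2) == "GloballyOpenPorts" else "application"
            continue
        if line.startswith("["):
            profile = kind = None   # some other registry key: leave list context
            continue
        if profile is None:
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue                # section banners etc.
        value = m.group("value")
        company = None
        suffix = COMPANY_SUFFIX.search(value)
        if suffix:
            company = suffix.group("company")
            value = value[: suffix.start()]
        if kind == "port":
            # port:proto:scope:state:name  (name has no colons in practice)
            port, proto, scope, state, name = value.split(":", 4)
            target = f"{port}:{proto}"
        else:
            # path:scope:state:name  (the path holds the drive colon, so split from the right)
            target, scope, state, name = value.rsplit(":", 3)
        results.append(FirewallException(profile, kind, target, scope,
                                         state == "Enabled", name, company))
    return results


def enabled_third_party(exceptions: List[FirewallException],
                        system_root: str = "C:\\WINDOWS") -> List[FirewallException]:
    """Enabled application exceptions whose binary is outside %SystemRoot%."""
    return [e for e in exceptions
            if e.kind == "application" and e.enabled
            and not e.target.lower().startswith(system_root.lower())]


if __name__ == "__main__":
    for e in enabled_third_party(parse_firewall_exceptions(SAMPLE_LOG)):
        print(f"{e.profile:16} {e.scope:11} {e.name:10} {e.target}")
```

Run as-is it lists the iMesh entry (enabled on the DomainProfile, scope `*`) and Spotify; to apply it to the real Extras log, feed the file's text to `parse_firewall_exceptions` in place of `SAMPLE_LOG`. The port entries are kept in the parsed records so that a `Disabled` built-in UPnP/NetBIOS exception can be distinguished from an added, enabled one without re-reading the raw line.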
     
  15. 2012/01/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 19/01/2012 16:34:51 | Computer Name = DONALDSLAPTOP | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
    P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 19/01/2012 17:00:35 | Computer Name = DONALDSLAPTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module unknown, version 0.0.0.0, fault address 0x03413d51.

    Error - 19/01/2012 17:00:44 | Computer Name = DONALDSLAPTOP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 19/01/2012 17:01:00 | Computer Name = DONALDSLAPTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module unknown, version 0.0.0.0, fault address 0x03479ddb.

    Error - 19/01/2012 17:01:01 | Computer Name = DONALDSLAPTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module unknown, version 0.0.0.0, fault address 0x03479ddb.

    Error - 19/01/2012 17:01:02 | Computer Name = DONALDSLAPTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module unknown, version 0.0.0.0, fault address 0x03479ddb.

    Error - 19/01/2012 17:01:03 | Computer Name = DONALDSLAPTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module unknown, version 0.0.0.0, fault address 0x03479ddb.

    Error - 19/01/2012 17:01:04 | Computer Name = DONALDSLAPTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module unknown, version 0.0.0.0, fault address 0x03479ddb.

    Error - 19/01/2012 17:01:05 | Computer Name = DONALDSLAPTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module unknown, version 0.0.0.0, fault address 0x03479ddb.

    Error - 19/01/2012 17:01:12 | Computer Name = DONALDSLAPTOP | Source = Application Error | ID = 1001
    Description = Fault bucket -1499169764.

    [ System Events ]
    Error - 18/01/2012 14:31:31 | Computer Name = DONALDSLAPTOP | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.117.2715.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
    Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 18/01/2012 14:31:31 | Computer Name = DONALDSLAPTOP | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.117.2715.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
    Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 18/01/2012 14:31:31 | Computer Name = DONALDSLAPTOP | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.117.2715.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
    Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 18/01/2012 14:33:37 | Computer Name = DONALDSLAPTOP | Source = Service Control Manager | ID = 7000
    Description = The GenPort service failed to start due to the following error: %%87

    Error - 19/01/2012 13:29:30 | Computer Name = DONALDSLAPTOP | Source = Tcpip | ID = 4199
    Description = The system detected an address conflict for IP address 192.168.0.3
    with the system having network hardware address 50:EA:D6:84:95:53. Network operations
    on this system may be disrupted as a result.

    Error - 19/01/2012 13:29:30 | Computer Name = DONALDSLAPTOP | Source = Tcpip | ID = 4199
    Description = The system detected an address conflict for IP address 192.168.0.3
    with the system having network hardware address 50:EA:D6:84:95:53. Network operations
    on this system may be disrupted as a result.

    Error - 19/01/2012 14:34:18 | Computer Name = DONALDSLAPTOP | Source = Service Control Manager | ID = 7000
    Description = The GenPort service failed to start due to the following error: %%87

    Error - 19/01/2012 16:23:25 | Computer Name = DONALDSLAPTOP | Source = Service Control Manager | ID = 7000
    Description = The GenPort service failed to start due to the following error: %%87

    Error - 19/01/2012 16:34:38 | Computer Name = DONALDSLAPTOP | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.119.90.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 19/01/2012 17:00:42 | Computer Name = DONALDSLAPTOP | Source = Service Control Manager | ID = 7034
    Description = The Spybot S&D 2 Live Protection Service service terminated unexpectedly.
    It has done this 1 time(s).


    < End of report >
     
  16. 2012/01/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5577
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5577
      IE - HKU\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = *.local;<local>
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===========================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
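The OTL fix in this post clears a ProxyServer of http=127.0.0.1:5577 from the HKU\.DEFAULT and HKU\S-1-5-18 (LocalSystem) Internet Settings keys. As an added example, not code from OTL or from anyone in this thread, the Python script below parses OTL-style "IE - HKU\..." lines and flags any hive whose proxy points at the loopback address, which means a process on the machine itself is sitting between Internet Explorer and the network. The sample log is constructed to mirror the entries above (the ProxyEnable = 0 line for the user SID is added to show the clean case); the function names and finding labels are my own.

```python
"""Flag Internet Explorer proxy settings in OTL-style "IE - HKU\\..." log lines.

Added example for this thread, not code from OTL or the forum. The sample
lines below are constructed to mirror the entries the moderator's fix clears.
"""
import re
from typing import Dict, List

# Constructed sample mirroring the proxy entries in the OTL fix above;
# the final ProxyEnable = 0 line for the user SID is added for contrast.
SAMPLE_LOG = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5577
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5577
IE - HKU\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 0
"""

# One OTL line: hive root (HKU\.DEFAULT, HKU\S-1-5-18, ...), value name, value data
LINE_RE = re.compile(
    r'^IE - (HKU\\[^\\]+)\\.*\\Internet Settings:\s+"(\w+)"\s*=\s*(.*?)\s*$'
)
LOOPBACK_HOSTS = {"localhost", "::1"}


def parse_proxy_settings(text: str) -> Dict[str, Dict[str, str]]:
    """Group the Internet Settings values by the user hive they live in."""
    settings: Dict[str, Dict[str, str]] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hive, name, data = m.groups()
            settings.setdefault(hive, {})[name] = data
    return settings


def proxy_hosts(proxy_server: str) -> List[str]:
    """Split 'http=host:port;https=host:port' or plain 'host:port' into hosts."""
    hosts: List[str] = []
    for part in proxy_server.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:                       # per-protocol form: proto=host:port
            part = part.split("=", 1)[1]
        host = part.rsplit(":", 1)[0] if ":" in part else part
        hosts.append(host.strip("[]").lower())
    return hosts


def is_loopback_proxy(proxy_server: str) -> bool:
    """True if any configured proxy host is the local machine itself."""
    return any(h in LOOPBACK_HOSTS or h.startswith("127.")
               for h in proxy_hosts(proxy_server))


def find_suspicious_proxies(settings: Dict[str, Dict[str, str]]) -> List[dict]:
    """Report hives whose proxy is loopback (strong indicator) or merely enabled (note).

    HKU\\.DEFAULT and HKU\\S-1-5-18 apply to code running as LocalSystem, so a
    proxy there is rarely something a home user configured by hand.
    """
    findings = []
    for hive, values in settings.items():
        server = values.get("ProxyServer", "")
        enabled = values.get("ProxyEnable", "0") == "1"
        if server and is_loopback_proxy(server):
            findings.append({"hive": hive, "reason": "loopback-proxy",
                             "server": server, "enabled": enabled})
        elif enabled and server:
            findings.append({"hive": hive, "reason": "proxy-enabled",
                             "server": server, "enabled": True})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_proxies(parse_proxy_settings(SAMPLE_LOG)):
        print(f"{f['reason']:15} {f['hive']:12} {f['server']} (enabled={f['enabled']})")
```

Run against the sample, it reports both the .DEFAULT and S-1-5-18 hives as loopback-proxy and nothing for the user SID, which matches what the OTL fix above targets. The same parser runs over a whole OTL.txt, so the check is not limited to the three hives shown here.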
     
  17. 2012/01/20
    bracklapiper

    bracklapiper Inactive Thread Starter

    Joined:
    2010/01/16
    Messages:
    149
    Likes Received:
    1
    All processes killed
    ========== OTL ==========
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-21-861567501-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
    C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    User: Donald
    ->Temp folder emptied: 49152 bytes
    ->Temporary Internet Files folder emptied: 19894602 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 1465 bytes

    User: Kirsty
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Kirsty.DONALDSLAPTOP
    ->Temp folder emptied: 615990 bytes
    ->Temporary Internet Files folder emptied: 33291 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 20.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: Donald
    ->Java cache emptied: 0 bytes

    User: Kirsty

    User: Kirsty.DONALDSLAPTOP
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Donald
    ->Flash cache emptied: 0 bytes

    User: Kirsty

    User: Kirsty.DONALDSLAPTOP
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01202012_201708

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Donald\Local Settings\Temporary Internet Files\Content.IE5\RANJ3Z6I\fastbutton[1].htm moved successfully.
    C:\Documents and Settings\Donald\Local Settings\Temporary Internet Files\Content.IE5\MHRPFHWQ\101622-active-system-slow-hanging[1].html moved successfully.
    C:\Documents and Settings\Donald\Local Settings\Temporary Internet Files\Content.IE5\MHRPFHWQ\ads[4].htm moved successfully.
    C:\Documents and Settings\Donald\Local Settings\Temporary Internet Files\Content.IE5\MHRPFHWQ\si[2].htm moved successfully.
    C:\Documents and Settings\Donald\Local Settings\Temporary Internet Files\Content.IE5\5A4Q750R\filedropper_com[1].htm moved successfully.
    C:\Documents and Settings\Donald\Local Settings\Temporary Internet Files\Content.IE5\5A4Q750R\like[1].htm moved successfully.

    Registry entries deleted on Reboot...
     
  18. 2012/01/20
    bracklapiper

    bracklapiper Inactive Thread Starter

    Joined:
    2010/01/16
    Messages:
    149
    Likes Received:
    1
    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy 2
    Java(TM) 6 Update 30
    Out of date Java installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Spybot Teatimer.exe is disabled!
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    ``````````End of Log````````````
     
  19. 2012/01/20
    bracklapiper

    bracklapiper Inactive Thread Starter

    Joined:
    2010/01/16
    Messages:
    149
    Likes Received:
    1
    Farbar Service Scanner Version: 18-01-2012 01
    Ran by Donald (administrator) on 20-01-2012 at 21:02:10
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x080000000500000001000000020000000300000004000000560000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****
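The Extra List block in this FSS log is the PNP_TDI driver load-order list: the driver names with their Tag values, then the raw registry value, and FSS reports only that the IPSec tag is correct. As an added example, not part of FSS or this thread, the Python script below decodes that value so the check can be reproduced by hand and extended to the other listed drivers. It assumes the blob is the REG_BINARY value HKLM\SYSTEM\CurrentControlSet\Control\GroupOrderList\PNP_TDI, stored as a little-endian DWORD count followed by the tags in load order; the function names are my own.

```python
"""Decode the PNP_TDI driver load-order list printed under "Extra List" by FSS.

Added example for this thread, not FSS's own code. Assumption: the hex blob is
the REG_BINARY value HKLM\\SYSTEM\\CurrentControlSet\\Control\\GroupOrderList\\PNP_TDI,
laid out as a little-endian DWORD count followed by that many DWORD tag values.
"""
import struct
from typing import Dict, List, Optional

# Values copied from the FSS log above
EXTRA_LIST_HEX = "0x080000000500000001000000020000000300000004000000560000000600000007000000"
DRIVER_TAGS: Dict[str, int] = {"Gpc": 3, "IPSec": 5, "NetBT": 6, "PSched": 7, "Tcpip": 4}


def decode_group_order_list(hex_blob: str) -> List[int]:
    """Return the tag values in load order; raise if the blob is malformed."""
    if hex_blob.lower().startswith("0x"):
        hex_blob = hex_blob[2:]
    raw = bytes.fromhex(hex_blob)
    if len(raw) < 4 or len(raw) % 4:
        raise ValueError("blob is not a whole number of DWORDs")
    (count,) = struct.unpack_from("<I", raw, 0)
    if 4 + 4 * count > len(raw):
        raise ValueError(f"count {count} exceeds blob length {len(raw)}")
    return list(struct.unpack_from(f"<{count}I", raw, 4))


def load_position(tags: List[int], tag: int) -> Optional[int]:
    """Zero-based position of a tag in the load order, or None if absent."""
    try:
        return tags.index(tag)
    except ValueError:
        return None


def check_driver_tags(tags: List[int], drivers: Dict[str, int]) -> Dict[str, bool]:
    """Map each named driver to whether its Tag appears in the group list."""
    return {name: tag in tags for name, tag in drivers.items()}


def missing_drivers(tags: List[int], drivers: Dict[str, int]) -> List[str]:
    """Drivers whose Tag is absent: a tampered list would show up here."""
    return [name for name, present in check_driver_tags(tags, drivers).items() if not present]


if __name__ == "__main__":
    order = decode_group_order_list(EXTRA_LIST_HEX)
    print("load order:", order)
    for name, tag in sorted(DRIVER_TAGS.items(), key=lambda kv: kv[1]):
        print(f"{name:7} tag {tag:2}: position {load_position(order, tag)}")
    print("missing:", missing_drivers(order, DRIVER_TAGS) or "none")
```

On the value from this log it decodes to eight tags, [5, 1, 2, 3, 4, 86, 6, 7], with IPSec's tag 5 in first position and all five named drivers present, which is what "IpSec Tag value is correct" summarises. The `missing_drivers` helper is the part worth keeping: a list with the IPSec tag stripped out returns ["IPSec"], the case a tool like FSS exists to catch, since a driver whose tag is absent from its group's order list does not load in its expected place.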
     
  20. 2012/01/20
    bracklapiper

    bracklapiper Inactive Thread Starter

    Joined:
    2010/01/16
    Messages:
    149
    Likes Received:
    1
    The virus scan found nothing. I am getting an error warning every now and then; it's a runtime error 217 at 500a18b3, and also "Internet Explorer has encountered a problem". The computer is more responsive. Thanks for the help on my subject.
     
  21. 2012/01/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I need to know exact wording and when it happens.
     
