
Solved Infected with ccProxy

Discussion in 'Malware and Virus Removal Archive' started by cspgsl, 2011/11/12.

  1. 2011/11/14
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    1,044
    Likes Received:
    8
    OTL Extras logfile created on: 14/11/2011 1:37:53 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Sara\Desktop\Tom
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.49 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 73.06% Memory free
    4.83 Gb Paging File | 4.26 Gb Available in Paging File | 88.19% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 71.22 Gb Total Space | 41.32 Gb Free Space | 58.02% Space Free | Partition Type: NTFS

    Computer Name: BEAST | User Name: Sara | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "3389:TCP" = 3389:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22009
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
    "C:\WINDOWS\system32\tcpsvces.exe" = C:\WINDOWS\system32\tcpsvces.exe:*:Enabled:tcpsvces -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
    "{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
    "{114AA4D3-A577-400E-A1B2-3CF75CF8D2E2}" = C5500_Help
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
    "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
    "{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
    "{5B8B9664-21C8-4A1C-AEE4-EF7B1EEB6BD3}" = PS_AIO_04_C5500_Software
    "{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
    "{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
    "{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
    "{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A558B0C-541D-47e0-A177-8635CE723B07}" = HP Photosmart C5500 All-In-One Driver Software 11.0 Rel .4
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8E37A0C8-C0E7-4E7A-8739-ACF20D02E70C}" = PS_AIO_04_C5500_Software_Min
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A9310B0-FAD0-440E-97B1-5EE14568EF78}" = PS_AIO_04_C5500_ProductContext
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
    "{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Professional
    "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
    "{C77A7F57-0BA5-4A17-B1C4-28E1D5F5A6EC}" = C5500
    "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb
    "{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E256842C-AD14-4BDC-87B2-B3A4A7037837}" = LogMeIn
    "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
    "{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
    "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
    "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
    "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
    "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
    "{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "CANONBJ_Deinstall_CNMCP2R.DLL" = S450
    "CCleaner" = CCleaner
    "Genie Timeline" = Genie Timeline Professional 2.1
    "HP Imaging Device Functions" = HP Imaging Device Functions 11.0
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
    "HPOCR" = OCR Software by I.R.I.S. 11.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "MouseSuite98" = Mouse Suite
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Revo Uninstaller" = Revo Uninstaller 1.83
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 08/11/2011 5:36:34 PM | Computer Name = BEAST | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0,
    P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

    Error - 09/11/2011 3:23:11 PM | Computer Name = BEAST | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4
    1, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

    Error - 10/11/2011 5:00:34 PM | Computer Name = BEAST | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
    3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 13/11/2011 7:01:29 AM | Computer Name = BEAST | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 13/11/2011 7:01:29 AM | Computer Name = BEAST | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 13/11/2011 7:01:29 AM | Computer Name = BEAST | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    [ System Events ]
    Error - 12/11/2011 2:39:13 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7001
    Description = The Fast User Switching Compatibility service depends on the Terminal
    Services service which failed to start because of the following error: %%126

    Error - 12/11/2011 2:39:13 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7023
    Description = The Terminal Services service terminated with the following error:
    %%126

    Error - 13/11/2011 6:57:01 AM | Computer Name = BEAST | Source = Service Control Manager | ID = 7023
    Description = The Human Interface Device Access service terminated with the following
    error: %%126

    Error - 13/11/2011 6:58:33 AM | Computer Name = BEAST | Source = Service Control Manager | ID = 7022
    Description = The HP CUE DeviceDiscovery Service service hung on starting.

    Error - 13/11/2011 6:58:33 AM | Computer Name = BEAST | Source = Service Control Manager | ID = 7001
    Description = The Fast User Switching Compatibility service depends on the Terminal
    Services service which failed to start because of the following error: %%126

    Error - 13/11/2011 6:58:33 AM | Computer Name = BEAST | Source = Service Control Manager | ID = 7023
    Description = The Terminal Services service terminated with the following error:
    %%126

    Error - 13/11/2011 3:05:43 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 13/11/2011 3:07:53 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 13/11/2011 3:14:24 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7023
    Description = The Human Interface Device Access service terminated with the following
    error: %%126

    Error - 13/11/2011 3:15:45 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7022
    Description = The HP CUE DeviceDiscovery Service service hung on starting.


    < End of report >
     
  2. 2011/11/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O4 - HKU\S-1-5-21-4051018094-2330310444-191952952-1007..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O33 - MountPoints2\{1f89d856-e8af-11dd-9c74-001125745f72}\Shell - " " = AutoRun
      O33 - MountPoints2\{1f89d856-e8af-11dd-9c74-001125745f72}\Shell\Auto\command - " " = E:\Server0.exe
      O33 - MountPoints2\{1f89d856-e8af-11dd-9c74-001125745f72}\Shell\AutoRun - " " = Auto&Play
      O33 - MountPoints2\{1f89d856-e8af-11dd-9c74-001125745f72}\Shell\AutoRun\command - " " = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Server0.exe
      [6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
      [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [233 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2011/11/14 12:25:33 | 000,002,561 | ---- | M] () -- C:\WINDOWS\System32\CCProxy.ini
      [2011/11/10 09:29:19 | 000,001,154 | -HS- | M] () -- C:\WINDOWS\System32\AccInfo.ini
      [2011/10/21 08:31:02 | 000,000,404 | -HS- | C] () -- C:\WINDOWS\System32\ccjp.bat
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
     


  4. 2011/11/14
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    1,044
    Likes Received:
    8
    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{381FFDE8-2394-4f90-B10D-FC6124A40F8C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{381FFDE8-2394-4f90-B10D-FC6124A40F8C}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-4051018094-2330310444-191952952-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\S-1-5-21-4051018094-2330310444-191952952-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\S-1-5-21-4051018094-2330310444-191952952-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-4051018094-2330310444-191952952-1007\Software\Microsoft\Windows\CurrentVersion\Run\\ibmmessages deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f89d856-e8af-11dd-9c74-001125745f72}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f89d856-e8af-11dd-9c74-001125745f72}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f89d856-e8af-11dd-9c74-001125745f72}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f89d856-e8af-11dd-9c74-001125745f72}\ not found.
    File E:\Server0.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f89d856-e8af-11dd-9c74-001125745f72}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f89d856-e8af-11dd-9c74-001125745f72}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f89d856-e8af-11dd-9c74-001125745f72}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f89d856-e8af-11dd-9c74-001125745f72}\ not found.
    File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Server0.exe not found.
    C:\WINDOWS\Fonts\SET447.tmp deleted successfully.
    C:\WINDOWS\Fonts\SET448.tmp deleted successfully.
    C:\WINDOWS\Fonts\SET449.tmp deleted successfully.
    C:\WINDOWS\Fonts\SET44A.tmp deleted successfully.
    C:\WINDOWS\Fonts\SET44B.tmp deleted successfully.
    C:\WINDOWS\Fonts\SET44C.tmp deleted successfully.
    C:\WINDOWS\003167_.tmp deleted successfully.
    C:\WINDOWS\003173_.tmp deleted successfully.
    C:\WINDOWS\LMI73.tmp\rescue.log deleted successfully.
    C:\WINDOWS\LMI73.tmp folder deleted successfully.
    C:\WINDOWS\SET43D.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System32\SET115C.tmp deleted successfully.
    C:\WINDOWS\System32\SET115F.tmp deleted successfully.
    C:\WINDOWS\System32\SET1164.tmp deleted successfully.
    C:\WINDOWS\System32\SET1168.tmp deleted successfully.
    C:\WINDOWS\System32\SET116F.tmp deleted successfully.
    C:\WINDOWS\System32\SET1195.tmp deleted successfully.
    C:\WINDOWS\System32\SET1197.tmp deleted successfully.
    C:\WINDOWS\System32\SET11BB.tmp deleted successfully.
    C:\WINDOWS\System32\SET13F.tmp deleted successfully.
    C:\WINDOWS\System32\SET140.tmp deleted successfully.
    C:\WINDOWS\System32\SET141.tmp deleted successfully.
    C:\WINDOWS\System32\SET142.tmp deleted successfully.
    C:\WINDOWS\System32\SET144.tmp deleted successfully.
    C:\WINDOWS\System32\SET145.tmp deleted successfully.
    C:\WINDOWS\System32\SET146.tmp deleted successfully.
    C:\WINDOWS\System32\SET14D.tmp deleted successfully.
    C:\WINDOWS\System32\SET14E.tmp deleted successfully.
    C:\WINDOWS\System32\SET151.tmp deleted successfully.
    C:\WINDOWS\System32\SET156.tmp deleted successfully.
    C:\WINDOWS\System32\SET157.tmp deleted successfully.
    C:\WINDOWS\System32\SET158.tmp deleted successfully.
    C:\WINDOWS\System32\SET15A.tmp deleted successfully.
    C:\WINDOWS\System32\SET15B.tmp deleted successfully.
    C:\WINDOWS\System32\SET15C.tmp deleted successfully.
    C:\WINDOWS\System32\SET15D.tmp deleted successfully.
    C:\WINDOWS\System32\SET15E.tmp deleted successfully.
    C:\WINDOWS\System32\SET160.tmp deleted successfully.
    C:\WINDOWS\System32\SET161.tmp deleted successfully.
    C:\WINDOWS\System32\SET162.tmp deleted successfully.
    C:\WINDOWS\System32\SET165.tmp deleted successfully.
    C:\WINDOWS\System32\SET16C.tmp deleted successfully.
    C:\WINDOWS\System32\SET16D.tmp deleted successfully.
    C:\WINDOWS\System32\SET16E.tmp deleted successfully.
    C:\WINDOWS\System32\SET171.tmp deleted successfully.
    C:\WINDOWS\System32\SET173.tmp deleted successfully.
    C:\WINDOWS\System32\SET174.tmp deleted successfully.
    C:\WINDOWS\System32\SET17B.tmp deleted successfully.
    C:\WINDOWS\System32\SET17E.tmp deleted successfully.
    C:\WINDOWS\System32\SET17F.tmp deleted successfully.
    C:\WINDOWS\System32\SET181.tmp deleted successfully.
    C:\WINDOWS\System32\SET184.tmp deleted successfully.
    C:\WINDOWS\System32\SET186.tmp deleted successfully.
    C:\WINDOWS\System32\SET187.tmp deleted successfully.
    C:\WINDOWS\System32\SET188.tmp deleted successfully.
    C:\WINDOWS\System32\SET189.tmp deleted successfully.
    C:\WINDOWS\System32\SET18A.tmp deleted successfully.
    C:\WINDOWS\System32\SET190.tmp deleted successfully.
    C:\WINDOWS\System32\SET195.tmp deleted successfully.
    C:\WINDOWS\System32\SET196.tmp deleted successfully.
    C:\WINDOWS\System32\SET199.tmp deleted successfully.
    C:\WINDOWS\System32\SET19D.tmp deleted successfully.
    C:\WINDOWS\System32\SET1A4.tmp deleted successfully.
    C:\WINDOWS\System32\SET1A5.tmp deleted successfully.
    C:\WINDOWS\System32\SET1A8.tmp deleted successfully.
    C:\WINDOWS\System32\SET1AB.tmp deleted successfully.
    C:\WINDOWS\System32\SET1B5.tmp deleted successfully.
    C:\WINDOWS\System32\SET1B6.tmp deleted successfully.
    C:\WINDOWS\System32\SET1B9.tmp deleted successfully.
    C:\WINDOWS\System32\SET1BB.tmp deleted successfully.
    C:\WINDOWS\System32\SET1BC.tmp deleted successfully.
    C:\WINDOWS\System32\SET1BD.tmp deleted successfully.
    C:\WINDOWS\System32\SET1BE.tmp deleted successfully.
    C:\WINDOWS\System32\SET1BF.tmp deleted successfully.
    C:\WINDOWS\System32\SET1C0.tmp deleted successfully.
    C:\WINDOWS\System32\SET1C4.tmp deleted successfully.
    C:\WINDOWS\System32\SET1D0.tmp deleted successfully.
    C:\WINDOWS\System32\SET1D5.tmp deleted successfully.
    C:\WINDOWS\System32\SET1D7.tmp deleted successfully.
    C:\WINDOWS\System32\SET1D9.tmp deleted successfully.
    C:\WINDOWS\System32\SET1DA.tmp deleted successfully.
    C:\WINDOWS\System32\SET1DB.tmp deleted successfully.
    C:\WINDOWS\System32\SET1DC.tmp deleted successfully.
    C:\WINDOWS\System32\SET1DE.tmp deleted successfully.
    C:\WINDOWS\System32\SET1DF.tmp deleted successfully.
    C:\WINDOWS\System32\SET1E3.tmp deleted successfully.
    C:\WINDOWS\System32\SET1E4.tmp deleted successfully.
    C:\WINDOWS\System32\SET1E7.tmp deleted successfully.
    C:\WINDOWS\System32\SET1E8.tmp deleted successfully.
    C:\WINDOWS\System32\SET1E9.tmp deleted successfully.
    C:\WINDOWS\System32\SET1EF.tmp deleted successfully.
    C:\WINDOWS\System32\SET1F0.tmp deleted successfully.
    C:\WINDOWS\System32\SET1F1.tmp deleted successfully.
    C:\WINDOWS\System32\SET1F9.tmp deleted successfully.
    C:\WINDOWS\System32\SET1FF.tmp deleted successfully.
    C:\WINDOWS\System32\SET200.tmp deleted successfully.
    C:\WINDOWS\System32\SET201.tmp deleted successfully.
    C:\WINDOWS\System32\SET202.tmp deleted successfully.
    C:\WINDOWS\System32\SET204.tmp deleted successfully.
    C:\WINDOWS\System32\SET209.tmp deleted successfully.
    C:\WINDOWS\System32\SET20A.tmp deleted successfully.
    C:\WINDOWS\System32\SET216.tmp deleted successfully.
    C:\WINDOWS\System32\SET21B.tmp deleted successfully.
    C:\WINDOWS\System32\SET21C.tmp deleted successfully.
    C:\WINDOWS\System32\SET227.tmp deleted successfully.
    C:\WINDOWS\System32\SET229.tmp deleted successfully.
    C:\WINDOWS\System32\SET22A.tmp deleted successfully.
    C:\WINDOWS\System32\SET22D.tmp deleted successfully.
    C:\WINDOWS\System32\SET22F.tmp deleted successfully.
    C:\WINDOWS\System32\SET232.tmp deleted successfully.
    C:\WINDOWS\System32\SET244.tmp deleted successfully.
    C:\WINDOWS\System32\SET245.tmp deleted successfully.
    C:\WINDOWS\System32\SET24C.tmp deleted successfully.
    C:\WINDOWS\System32\SET24D.tmp deleted successfully.
    C:\WINDOWS\System32\SET250.tmp deleted successfully.
    C:\WINDOWS\System32\SET251.tmp deleted successfully.
    C:\WINDOWS\System32\SET252.tmp deleted successfully.
    C:\WINDOWS\System32\SET253.tmp deleted successfully.
    C:\WINDOWS\System32\SET254.tmp deleted successfully.
    C:\WINDOWS\System32\SET256.tmp deleted successfully.
    C:\WINDOWS\System32\SET257.tmp deleted successfully.
    C:\WINDOWS\System32\SET258.tmp deleted successfully.
    C:\WINDOWS\System32\SET25A.tmp deleted successfully.
    C:\WINDOWS\System32\SET25B.tmp deleted successfully.
    C:\WINDOWS\System32\SET25C.tmp deleted successfully.
    C:\WINDOWS\System32\SET25E.tmp deleted successfully.
    C:\WINDOWS\System32\SET261.tmp deleted successfully.
    C:\WINDOWS\System32\SET266.tmp deleted successfully.
    C:\WINDOWS\System32\SET267.tmp deleted successfully.
    C:\WINDOWS\System32\SET268.tmp deleted successfully.
    C:\WINDOWS\System32\SET26D.tmp deleted successfully.
    C:\WINDOWS\System32\SET26E.tmp deleted successfully.
    C:\WINDOWS\System32\SET26F.tmp deleted successfully.
    C:\WINDOWS\System32\SET271.tmp deleted successfully.
    C:\WINDOWS\System32\SET274.tmp deleted successfully.
    C:\WINDOWS\System32\SET276.tmp deleted successfully.
    C:\WINDOWS\System32\SET277.tmp deleted successfully.
    C:\WINDOWS\System32\SET27A.tmp deleted successfully.
    C:\WINDOWS\System32\SET27B.tmp deleted successfully.
    C:\WINDOWS\System32\SET281.tmp deleted successfully.
    C:\WINDOWS\System32\SET282.tmp deleted successfully.
    C:\WINDOWS\System32\SET284.tmp deleted successfully.
    C:\WINDOWS\System32\SET289.tmp deleted successfully.
    C:\WINDOWS\System32\SET28B.tmp deleted successfully.
    C:\WINDOWS\System32\SET28E.tmp deleted successfully.
    C:\WINDOWS\System32\SET292.tmp deleted successfully.
    C:\WINDOWS\System32\SET294.tmp deleted successfully.
    C:\WINDOWS\System32\SET295.tmp deleted successfully.
    C:\WINDOWS\System32\SET298.tmp deleted successfully.
    C:\WINDOWS\System32\SET299.tmp deleted successfully.
    C:\WINDOWS\System32\SET29F.tmp deleted successfully.
    C:\WINDOWS\System32\SET2A0.tmp deleted successfully.
    C:\WINDOWS\System32\SET2A2.tmp deleted successfully.
    C:\WINDOWS\System32\SET2A3.tmp deleted successfully.
    C:\WINDOWS\System32\SET2A9.tmp deleted successfully.
    C:\WINDOWS\System32\SET2AB.tmp deleted successfully.
    C:\WINDOWS\System32\SET2AC.tmp deleted successfully.
    C:\WINDOWS\System32\SET2AD.tmp deleted successfully.
    C:\WINDOWS\System32\SET2AE.tmp deleted successfully.
    C:\WINDOWS\System32\SET2B0.tmp deleted successfully.
    C:\WINDOWS\System32\SET2B2.tmp deleted successfully.
    C:\WINDOWS\System32\SET2B5.tmp deleted successfully.
    C:\WINDOWS\System32\SET2BF.tmp deleted successfully.
    C:\WINDOWS\System32\SET2C1.tmp deleted successfully.
    C:\WINDOWS\System32\SET2C2.tmp deleted successfully.
    C:\WINDOWS\System32\SET2C3.tmp deleted successfully.
    C:\WINDOWS\System32\SET2C5.tmp deleted successfully.
    C:\WINDOWS\System32\SET2C7.tmp deleted successfully.
    C:\WINDOWS\System32\SET2CC.tmp deleted successfully.
    C:\WINDOWS\System32\SET2CE.tmp deleted successfully.
    C:\WINDOWS\System32\SET2CF.tmp deleted successfully.
    C:\WINDOWS\System32\SET2D5.tmp deleted successfully.
    C:\WINDOWS\System32\SET2E0.tmp deleted successfully.
    C:\WINDOWS\System32\SET2E3.tmp deleted successfully.
    C:\WINDOWS\System32\SET2E4.tmp deleted successfully.
    C:\WINDOWS\System32\SET2E8.tmp deleted successfully.
    C:\WINDOWS\System32\SET2F0.tmp deleted successfully.
    C:\WINDOWS\System32\SET2F4.tmp deleted successfully.
    C:\WINDOWS\System32\SET2F7.tmp deleted successfully.
    C:\WINDOWS\System32\SET2F9.tmp deleted successfully.
    C:\WINDOWS\System32\SET301.tmp deleted successfully.
    C:\WINDOWS\System32\SET313.tmp deleted successfully.
    C:\WINDOWS\System32\SET317.tmp deleted successfully.
    C:\WINDOWS\System32\SET319.tmp deleted successfully.
    C:\WINDOWS\System32\SET321.tmp deleted successfully.
    C:\WINDOWS\System32\SET325.tmp deleted successfully.
    C:\WINDOWS\System32\SET333.tmp deleted successfully.
    C:\WINDOWS\System32\SET339.tmp deleted successfully.
    C:\WINDOWS\System32\SET346.tmp deleted successfully.
    C:\WINDOWS\System32\SET350.tmp deleted successfully.
    C:\WINDOWS\System32\SET354.tmp deleted successfully.
    C:\WINDOWS\System32\SET356.tmp deleted successfully.
    C:\WINDOWS\System32\SET357.tmp deleted successfully.
    C:\WINDOWS\System32\SET358.tmp deleted successfully.
    C:\WINDOWS\System32\SET360.tmp deleted successfully.
    C:\WINDOWS\System32\SET364.tmp deleted successfully.
    C:\WINDOWS\System32\SET36F.tmp deleted successfully.
    C:\WINDOWS\System32\SET37F.tmp deleted successfully.
    C:\WINDOWS\System32\SET380.tmp deleted successfully.
    C:\WINDOWS\System32\SET385.tmp deleted successfully.
    C:\WINDOWS\System32\SET3AA.tmp deleted successfully.
    C:\WINDOWS\System32\SET3AC.tmp deleted successfully.
    C:\WINDOWS\System32\SET3B3.tmp deleted successfully.
    C:\WINDOWS\System32\SET3B4.tmp deleted successfully.
    C:\WINDOWS\System32\SET3B5.tmp deleted successfully.
    C:\WINDOWS\System32\SET3B7.tmp deleted successfully.
    C:\WINDOWS\System32\SET3B8.tmp deleted successfully.
    C:\WINDOWS\System32\SET3B9.tmp deleted successfully.
    C:\WINDOWS\System32\SET3BC.tmp deleted successfully.
    C:\WINDOWS\System32\SET3BE.tmp deleted successfully.
    C:\WINDOWS\System32\SET3BF.tmp deleted successfully.
    C:\WINDOWS\System32\SET3C1.tmp deleted successfully.
    C:\WINDOWS\System32\SET3C4.tmp deleted successfully.
    C:\WINDOWS\System32\SET3C6.tmp deleted successfully.
    C:\WINDOWS\System32\SET3CB.tmp deleted successfully.
    C:\WINDOWS\System32\SET3CC.tmp deleted successfully.
    C:\WINDOWS\System32\SET3D4.tmp deleted successfully.
    C:\WINDOWS\System32\SET3DB.tmp deleted successfully.
    C:\WINDOWS\System32\SET3E0.tmp deleted successfully.
    C:\WINDOWS\System32\SET3E3.tmp deleted successfully.
    C:\WINDOWS\System32\SET3E6.tmp deleted successfully.
    C:\WINDOWS\System32\SET3E8.tmp deleted successfully.
    C:\WINDOWS\System32\SET3EC.tmp deleted successfully.
    C:\WINDOWS\System32\SET3EE.tmp deleted successfully.
    C:\WINDOWS\System32\SET3EF.tmp deleted successfully.
    C:\WINDOWS\System32\SET3F0.tmp deleted successfully.
    C:\WINDOWS\System32\SET3F3.tmp deleted successfully.
    C:\WINDOWS\System32\SET3F4.tmp deleted successfully.
    C:\WINDOWS\System32\SET3F8.tmp deleted successfully.
    C:\WINDOWS\System32\SET3F9.tmp deleted successfully.
    C:\WINDOWS\System32\SET3FC.tmp deleted successfully.
    C:\WINDOWS\System32\SET3FE.tmp deleted successfully.
    C:\WINDOWS\System32\SET403.tmp deleted successfully.
    C:\WINDOWS\System32\SET405.tmp deleted successfully.
    C:\WINDOWS\System32\SET406.tmp deleted successfully.
    C:\WINDOWS\System32\SET40A.tmp deleted successfully.
    C:\WINDOWS\System32\SET40C.tmp deleted successfully.
    C:\WINDOWS\System32\SET40E.tmp deleted successfully.
    C:\WINDOWS\System32\SET562.tmp deleted successfully.
    C:\WINDOWS\System32\SET568.tmp deleted successfully.
    C:\WINDOWS\System32\SETEC.tmp deleted successfully.
    C:\WINDOWS\System32\SETED.tmp deleted successfully.
    C:\WINDOWS\System32\SETEE.tmp deleted successfully.
    C:\WINDOWS\system32\CCProxy.ini moved successfully.
    C:\WINDOWS\system32\AccInfo.ini moved successfully.
    C:\WINDOWS\system32\ccjp.bat moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 589824 bytes
    ->Temporary Internet Files folder emptied: 2919746 bytes

    User: All Users
    ->Temp folder emptied: 6465571 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 56504 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 1153014 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: NetworkService
    ->Temp folder emptied: 3182268 bytes
    ->Temporary Internet Files folder emptied: 33204 bytes

    User: Others
    ->Temp folder emptied: 8294 bytes
    ->Temporary Internet Files folder emptied: 22583698 bytes

    User: Sara
    ->Temp folder emptied: 116013949 bytes
    ->Temporary Internet Files folder emptied: 17266277 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 7913 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5222886 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 189415392 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 348.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: LogMeInRemoteUser

    User: NetworkService

    User: Others

    User: Sara
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 11142011_152132

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  5. 2011/11/14
    cspgsl (Thread Starter)
    OTL logfile created on: 14/11/2011 3:49:25 PM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Sara\Desktop\Tom
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.49 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 73.83% Memory free
    4.83 Gb Paging File | 4.29 Gb Available in Paging File | 88.92% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 71.22 Gb Total Space | 41.57 Gb Free Space | 58.37% Space Free | Partition Type: NTFS

    Computer Name: BEAST | User Name: Sara | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/14 13:36:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sara\Desktop\Tom\OTL.exe
    PRC - [2011/10/07 07:55:58 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2011/10/07 07:55:42 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2011/03/15 14:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    PRC - [2011/03/15 14:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    PRC - [2011/01/11 11:25:38 | 001,051,264 | ---- | M] (Genie-soft) -- C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe
    PRC - [2011/01/11 11:25:38 | 000,362,624 | ---- | M] (Genie-Soft) -- C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe
    PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2010/06/15 04:55:52 | 000,039,936 | ---- | M] (The PHP Group) -- C:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\php-cgi.exe
    PRC - [2010/06/15 04:53:48 | 001,417,216 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
    PRC - [2008/07/24 17:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/09/13 02:22:44 | 000,135,168 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELMICED.EXE
    PRC - [2005/04/13 18:34:28 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
    PRC - [2003/11/06 19:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE
    PRC - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/03/29 12:10:12 | 000,396,288 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSBackupManager.dll
    MOD - [2011/01/31 11:21:46 | 000,342,528 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSIndexDB.dll
    MOD - [2011/01/11 11:25:38 | 000,467,968 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSWatcher4.dll
    MOD - [2011/01/11 11:25:38 | 000,048,128 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSLogManager.dll
    MOD - [2011/01/11 11:25:38 | 000,028,160 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\VSSEngine_XP.dll
    MOD - [2011/01/09 11:00:42 | 000,051,712 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\QueueManager.dll
    MOD - [2011/01/09 11:00:42 | 000,043,008 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSLibrariesManager.dll
    MOD - [2011/01/09 11:00:42 | 000,038,400 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSLogging.dll
    MOD - [2011/01/09 11:00:42 | 000,009,728 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\VSSEngine_Proxy.dll
    MOD - [2011/01/09 11:00:40 | 000,144,384 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\Settings.dll
    MOD - [2011/01/09 11:00:40 | 000,111,616 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\BlockLevel2.dll
    MOD - [2010/08/31 06:43:58 | 000,080,384 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSEncryption.dll
    MOD - [2010/08/31 06:43:58 | 000,072,192 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSCurl.dll
    MOD - [2010/08/31 06:42:12 | 000,023,040 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\ext\php_gstl_interface.dll
    MOD - [2010/06/15 06:00:28 | 000,921,088 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\sqlite3.dll
    MOD - [2010/06/15 04:53:48 | 001,417,216 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
    MOD - [2003/11/06 19:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (HidServ)
    SRV - [2011/10/07 07:55:58 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2011/10/07 07:55:42 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/08/22 14:03:50 | 000,423,424 | -HS- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\tcpsvces.exe -- (RavAuto)
    SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/06/26 02:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\tomfix\pev.3XE -- (PEVSystemStart)
    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/03/15 14:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
    SRV - [2011/03/15 14:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
    SRV - [2011/01/11 11:25:38 | 000,362,624 | ---- | M] (Genie-Soft) [Auto | Running] -- C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe -- (GenieTimelineService)
    SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


    ========== Driver Services (SafeList) ==========

    DRV - [2011/10/07 07:55:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/04/07 05:22:06 | 000,135,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
    DRV - [2008/07/24 17:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2008/07/24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2005/10/09 21:35:28 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
    DRV - [2005/02/05 07:51:00 | 000,392,832 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2004/12/06 21:55:20 | 000,126,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/05/19 17:41:26 | 000,013,757 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
    DRV - [2003/02/11 17:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf)
    DRV - [2003/01/10 17:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
    DRV - [2002/09/20 14:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theglobeandmail.ca/
    IE - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/11/24 17:18:40 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/11/24 17:18:40 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2008/09/16 06:01:45 | 000,263,300 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.123topsearch.com
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 www.132.com
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 www.136136.net
    O1 - Hosts: 127.0.0.1 136136.net
    O1 - Hosts: 9132 more lines...
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O4 - HKLM..\Run: [Genie TimeLine Tray] C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe (Genie-soft)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-4051018094-2330310444-191952952-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-4051018094-2330310444-191952952-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150472969437 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} http://nsprdnacw-vip.aliant.net/lwp/static/installers/AliantActiveXInstaller.cab (ConnectivityTester Class)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD276B8D-8724-4576-8BBB-81DE5B529D86}: DhcpNameServer = 192.168.2.1 192.168.2.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/01/18 07:23:12 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (PDBoot.exe)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/14 15:21:32 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/11/13 18:28:29 | 000,000,000 | --SD | C] -- C:\tomfix
    [2011/11/13 15:06:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/11/13 15:04:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/11/13 15:04:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/11/13 15:04:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/11/13 15:04:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/11/13 15:04:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/11/13 15:03:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/12 14:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2011/11/10 15:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sara\Application Data\SUPERAntiSpyware.com
    [2011/11/10 15:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/11/10 15:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/11/10 15:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/11/10 13:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Genie-Soft
    [2011/11/10 13:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Genie-Soft
    [2011/11/10 12:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sara\Application Data\Skype
    [2011/11/10 12:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2011/11/10 12:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
    [2011/11/10 12:52:18 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2011/11/10 12:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
    [2011/11/10 11:38:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Log
    [2011/11/10 10:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/10 10:57:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/11/10 10:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/11/10 10:51:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sara\Desktop\Tom
    [2011/11/09 11:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sara\My Documents\flower card project
    [2011/10/21 08:31:02 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\web
    [2011/10/21 08:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Storm

    ========== Files - Modified Within 30 Days ==========

    [2011/11/14 15:41:50 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/11/14 15:38:20 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/11/14 15:36:55 | 000,002,561 | ---- | M] () -- C:\WINDOWS\System32\CCProxy.ini
    [2011/11/14 15:36:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/11/14 13:06:47 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Sara\Desktop\Microsoft Office Outlook 2003.lnk
    [2011/11/14 12:29:34 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ECACB466-71A9-4424-857C-E804F2F94923}.job
    [2011/11/13 21:51:35 | 000,000,311 | RHS- | M] () -- C:\BOOT.INI
    [2011/11/10 11:36:21 | 000,000,194 | ---- | M] () -- C:\Boot.bak
    [2011/11/10 10:57:44 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/08 18:26:14 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Sara\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2011/11/08 18:26:11 | 000,505,714 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/11/08 18:26:11 | 000,089,178 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/11/08 18:09:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/11/08 17:36:47 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2011/10/21 14:24:33 | 000,001,185 | ---- | M] () -- C:\WINDOWS\System32\info.dat
    [2011/10/21 11:51:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

    ========== Files Created - No Company Name ==========

    [2011/11/14 15:36:55 | 000,002,561 | ---- | C] () -- C:\WINDOWS\System32\CCProxy.ini
    [2011/11/13 15:06:40 | 000,000,194 | ---- | C] () -- C:\Boot.bak
    [2011/11/13 15:06:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/11/13 15:04:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/11/13 15:04:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/11/13 15:04:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/11/13 15:04:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/11/13 15:04:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/11/10 10:57:44 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/08 18:26:13 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Sara\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2011/11/08 17:41:44 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/10/21 08:31:39 | 000,001,185 | ---- | C] () -- C:\WINDOWS\System32\info.dat
    [2011/10/21 08:31:02 | 000,423,424 | -HS- | C] () -- C:\WINDOWS\System32\tcpsvces.exe
    [2011/09/12 09:24:18 | 000,022,086 | ---- | C] () -- C:\Documents and Settings\Sara\Application Data\Comma Separated Values (Windows).ADR
    [2011/07/08 09:51:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/09/18 08:29:06 | 000,006,257 | ---- | C] () -- C:\Documents and Settings\Sara\Application Data\Comma Separated Values (Windows).EML
    [2010/09/13 13:34:59 | 000,009,369 | ---- | C] () -- C:\Documents and Settings\Sara\Application Data\Tab Separated Values (Windows).EML
    [2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
    [2009/07/31 15:14:32 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
    [2008/11/24 16:59:15 | 000,164,497 | ---- | C] () -- C:\WINDOWS\hpoins33.dat
    [2008/11/24 16:59:15 | 000,001,526 | ---- | C] () -- C:\WINDOWS\hpomdl33.dat
    [2008/02/06 17:21:57 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins001.exe
    [2008/02/06 17:21:57 | 000,003,449 | ---- | C] () -- C:\WINDOWS\unins001.dat
    [2007/01/12 12:56:35 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
    [2006/08/17 05:31:56 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\getfile.dat
    [2006/08/16 20:07:09 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Sara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/07/27 14:19:45 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
    [2006/05/07 07:42:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2006/02/08 07:58:33 | 000,112,885 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
    [2006/02/08 07:58:32 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
    [2006/02/01 07:08:27 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2R.DLL
    [2006/02/01 07:08:21 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CNMCP2R.EXE
    [2006/02/01 07:06:31 | 000,000,223 | ---- | C] () -- C:\WINDOWS\freedom.backup.dat
    [2006/02/01 07:01:44 | 000,000,070 | ---- | C] () -- C:\WINDOWS\A2593216.ini
    [2006/01/18 07:36:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/01/18 07:23:07 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Sara\Local Settings\Application Data\fusioncache.dat
    [2005/12/21 15:11:30 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/12/21 14:37:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/12/21 14:26:02 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/12/21 14:25:05 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/12/21 14:25:05 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/12/21 14:25:05 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/12/21 14:25:05 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/12/21 14:25:05 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/12/21 14:25:05 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/12/21 14:22:44 | 000,005,437 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
    [2005/12/21 14:22:44 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
    [2005/12/21 14:22:43 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
    [2005/12/21 14:22:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE
    [2005/01/20 00:53:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/12/16 07:41:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
    [2004/11/09 05:02:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\desktopset.exe
    [2004/08/09 15:03:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/09 15:01:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/09 14:51:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/09 14:46:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/09 14:45:31 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/01/09 10:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
    [2003/04/10 19:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/08/23 11:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
    [2001/08/23 11:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
    [2001/07/06 19:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [1980/01/01 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [1980/01/01 04:00:00 | 000,505,714 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [1980/01/01 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [1980/01/01 04:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003562_.tmp.dll
    [1980/01/01 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [1980/01/01 04:00:00 | 000,089,178 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [1980/01/01 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [1980/01/01 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [1980/01/01 04:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003530_.tmp.dll
    [1980/01/01 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [1980/01/01 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [1980/01/01 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2011/10/21 08:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Genie-Soft
    [2005/12/21 14:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBM
    [2011/09/16 08:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genie-Soft
    [2009/07/31 14:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
    [2011/11/14 07:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2006/06/16 11:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2010/07/20 10:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
    [2010/08/11 10:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2008/03/17 11:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2011/10/21 08:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Storm
    [2005/12/21 14:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\IBM
    [2011/09/14 10:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Genie-Soft
    [2005/12/21 14:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LogMeInRemoteUser\Application Data\IBM
    [2011/10/13 17:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Genie-Soft
    [2005/12/21 14:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\IBM
    [2011/09/14 10:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sara\Application Data\Genie-Soft
    [2006/01/26 02:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sara\Application Data\IBM
    [2011/02/28 15:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sara\Application Data\Image Zone Express
    [2008/11/23 20:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sara\Application Data\InterVideo
    [2006/01/18 09:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sara\Application Data\Leadertech
    [2010/07/20 10:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sara\Application Data\Panda Security
    [2009/12/19 14:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sara\Application Data\TeamViewer
    [2011/11/14 15:41:50 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2011/11/14 12:29:34 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{ECACB466-71A9-4424-857C-E804F2F94923}.job

    ========== Purity Check ==========



    < End of report >
     
  6. 2011/11/14
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    BTW - ccproxy still opens on start up
     
  7. 2011/11/14
    broni

    broni Moderator Malware Analyst

    Please click HERE to download Kaspersky Virus Removal Tool.

    • Double click on the file you just downloaded and let it install.
    • It will install to your desktop (be patient; it may take a while).
    • Accept license agreement and click "Start" button.
    • Click on the Settings button
      • In Scan scope, leave the pre-checked items as they are and also checkmark My Computer
      • In Actions, checkmark Select action: (disinfect; delete if disinfection fails) instead of the preselected Prompt on detection
    • Click on Automatic Scan tab and then click on Start scanning button.
    • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
    • When the scan is done NO log will be produced.
    • Click on the Report button, then on the Automatic Scan report tab.
    • Right click anywhere within right pane, click Select All then right click again and click Copy.
    • This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
    • You can save this on the desktop.
    • Post the contents of the document in your next reply.
     
  8. 2011/11/14
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    I have tried several times to install Kaspersky but the window freezes and it won't let me accept the terms. I cannot close the window. Instead, I have to disable the startup program and restart the computer to get rid of it.

    I have downloaded it a few times, disabled any other protection software but to no avail.

    Any thoughts?
     
  9. 2011/11/14
    broni

    broni Moderator Malware Analyst

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      ccproxy*
      :folderfind
      ccproxy*
      :regfind
      ccproxy*
      
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
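    The OTL file lists posted earlier in this thread (the "Files Created - No Company Name" section in particular, where tcpsvces.exe appears as a hidden+system executable with no publisher) and the SystemLook `ccproxy*` search in this post are both things the analyst reads by eye. As an added example, not part of this thread and not code from OTL or SystemLook, the Python script below parses OTL-style file lines and flags entries the way an analyst does here: the file name matches a watch pattern such as `ccproxy*`, or an executable under \WINDOWS is hidden+system or carries no company name. The regex, the review rules, the `EXECUTABLE_EXT` set and the helper names are my own assumptions about the log format and about what deserves a second look; the sample lines are copied from the logs posted above.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from fnmatch import fnmatch
from ntpath import basename, splitext
from typing import Dict, List, Optional

# Shape of one OTL file/folder line, as assumed from the log posted in this thread:
#   [2011/10/21 08:31:02 | 000,423,424 | -HS- | C] () -- C:\WINDOWS\System32\tcpsvces.exe
#   [2011/11/13 15:06:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
# timestamp | size | attribute flags (R H S D, "-" when unset) | C=created / M=modified,
# then an optional "(Company Name)" block and the path.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Extensions treated as executable code by the review rules (my choice, not OTL's).
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".ocx"}


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    kind: str      # "C" = created list, "M" = modified list
    company: str   # "" when OTL printed "()" or omitted the company block
    path: str


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; headers, blank lines and O-lines give None."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        readonly="R" in attrs, hidden="H" in attrs,
        system="S" in attrs, is_dir="D" in attrs,
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        path=m.group("path").strip(),
    )


def parse_log(text: str) -> List[OtlEntry]:
    """Parse every OTL file line in a pasted log, skipping everything else."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def review(entry: OtlEntry, watch_patterns: List[str]) -> List[str]:
    """Reasons an entry deserves a second look; an empty list means none."""
    reasons: List[str] = []
    name = basename(entry.path).lower()
    ext = splitext(name)[1]
    # Rule 1: the name matches something the analyst is hunting (here "ccproxy*").
    if any(fnmatch(name, p.lower()) for p in watch_patterns):
        reasons.append("matches watch pattern")
    # Rule 2: executables under \WINDOWS that hide themselves or carry no
    # publisher name, which is how tcpsvces.exe stands out in the log above.
    if not entry.is_dir and ext in EXECUTABLE_EXT and "\\windows\\" in entry.path.lower():
        if entry.hidden and entry.system:
            reasons.append("hidden+system executable in Windows directory")
        if not entry.company:
            reasons.append("executable without company name")
    return reasons


def triage(text: str, watch_patterns: List[str]) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, in log order."""
    findings: Dict[str, List[str]] = {}
    for entry in parse_log(text):
        reasons = review(entry, watch_patterns)
        if reasons:
            findings[entry.path] = reasons
    return findings


# Sample input: a few lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========

[2011/11/13 15:06:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/10 10:57:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/11/14 15:36:55 | 000,002,561 | ---- | C] () -- C:\WINDOWS\System32\CCProxy.ini
[2011/11/13 15:04:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/21 08:31:02 | 000,423,424 | -HS- | C] () -- C:\WINDOWS\System32\tcpsvces.exe
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG, ["ccproxy*"]).items():
        print(f"{path}: {'; '.join(why)}")
```

    Run as-is it reports CCProxy.ini (watch pattern), grep.exe (no company name) and tcpsvces.exe (hidden+system and no company name), and stays quiet about mbam.sys and the cmdcons folder. The no-company rule is deliberately noisy: the ComboFix helper tools dropped into C:\WINDOWS (grep.exe, sed.exe, PEV.exe and so on) trip it too, and the analyst is expected to recognise those; a hidden+system executable created in System32 on the same day as an unexplained info.dat and web folder, as the log above shows for 2011/10/21, is the hit that actually matters.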
     
  10. 2011/11/15
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    SystemLook 30.07.11 by jpshortstuff
    Log created at 08:08 on 15/11/2011 by Sara
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "ccproxy* "
    C:\WINDOWS\system32\CCProxy.ini --a---- 2561 bytes [19:36 14/11/2011] [11:57 15/11/2011] 033B1F149EDF47ACD25E2F01613FE8E8
    C:\_OTL\MovedFiles\11142011_152132\C_WINDOWS\system32\CCProxy.ini --a---- 2561 bytes [12:30 14/11/2011] [16:25 14/11/2011] 033B1F149EDF47ACD25E2F01613FE8E8

    ========== folderfind ==========

    Searching for "ccproxy* "
    No folders found.

    ========== regfind ==========

    Searching for "ccproxy* "
    No data found.

    -= EOF =-
     
  11. 2011/11/15
    broni

    broni Moderator Malware Analyst

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\WINDOWS\system32\CCProxy.ini
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
     
  12. 2011/11/15
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\WINDOWS\system32\CCProxy.ini moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users
    ->Temp folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 20208 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Others
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Sara
    ->Temp folder emptied: 332702276 bytes
    ->Temporary Internet Files folder emptied: 8096870 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 74594 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 325.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: LogMeInRemoteUser

    User: NetworkService

    User: Others

    User: Sara
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 11152011_142744

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  13. 2011/11/15
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    ccproxy reappeared on the reboot
     
  14. 2011/11/15
    broni

    broni Moderator Malware Analyst

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Restart computer in Safe Mode.
    • Double-click the drweb-cureit.exe file and click Scan to run the express scan. Click OK in the pop-up window to allow the scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on the X in the upper right corner.
     
  15. 2011/11/15
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    I have to leave it until tomorrow morning Broni due to a commitment to my granddaughter this afternoon. I'll repost then
    Thanks
     
  16. 2011/11/15
    broni

    broni Moderator Malware Analyst

    No problem :)
     
  17. 2011/11/16
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    Broni:
    The user took it upon themselves to run drweb in regular mode. They then cured what it found and apparently, one entry was ccproxy. They didn't save the report, though.

    I re-ran it in safe mode and it didn't find anything so, there is no report.
     
  18. 2011/11/16
    broni

    broni Moderator Malware Analyst

    Is the startup problem still present?
     
  19. 2011/11/16
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    No, it has not returned
     
  20. 2011/11/16
    broni

    broni Moderator Malware Analyst

    Very good :)

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  21. 2011/11/16
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    IBM 32-bit Runtime Environment for Java 2, v1.4.2
    Java(TM) 6 Update 21
    Java(TM) 6 Update 7
    IBM 32-bit Runtime Environment for Java 2, v1.4.2
    Out of date Java installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    ``````````End of Log````````````
     
