
Solved XP Security 2012 Malware

Discussion in 'Malware and Virus Removal Archive' started by boyracer, 2011/12/14.

  1. 2011/12/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Registry key looks fine.

    We have to take care of missing file.

    Open Windows Explorer.
    Navigate to C:\WINDOWS\system32\dllcache folder, copy netbt.sys file from there and paste it to C:\WINDOWS\system32\Drivers folder.

    Restart computer and see if internet works.
     
  2. 2011/12/20
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    I don't have a dllcache folder. I did a search for netbt.sys in some other places and didn't find it. This system is running an XP OEM OS, do you think I might find that on the installation disks?
     


  4. 2011/12/20
    broni

    broni Moderator Malware Analyst

    In Windows Explorer....
    Go Tools>Folder Options>View tab, put a checkmark next to "Show hidden files and folders", UN-check "Hide protected operating system files".
    Press F5 to refresh view and you should see that folder.
     
  5. 2011/12/20
    boyracer

    boyracer Well-Known Member Thread Starter

    I found the folder. There is a netbt but no netbt.sys.
     
  6. 2011/12/20
    broni

    broni Moderator Malware Analyst

    Go back to "View" tab and UN-check "Hide extensions for known file types".
    Press F5 to refresh.
    You'll see netbt.sys now.
     
  7. 2011/12/20
    boyracer

    boyracer Well-Known Member Thread Starter

    Okay, I have an internet connection. It is busily downloading updates.
     
  8. 2011/12/20
    broni

    broni Moderator Malware Analyst

    Excellent!

    When done with updates re-run Combofix, allow recovery console installation, post the log.

    Then....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. 2011/12/21
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    I am working on the machine in question now.
    Here is the new ComboFix log:

    ComboFix 11-12-21.01 - Guertins 12/21/2011 8:30.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1502 [GMT -5:00]
    Running from: c:\documents and settings\Guertins\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\oobe\isperror
    c:\windows\system32\oobe\isperror\ispcnerr.htm
    c:\windows\system32\oobe\isperror\ispdtone.htm
    c:\windows\system32\oobe\isperror\isphdshk.htm
    c:\windows\system32\oobe\isperror\ispins.htm
    c:\windows\system32\oobe\isperror\ispnoanw.htm
    c:\windows\system32\oobe\isperror\isppberr.htm
    c:\windows\system32\oobe\isperror\ispphbsy.htm
    c:\windows\system32\oobe\isperror\ispsbusy.htm
    c:\windows\system32\xmlrpw32.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-21 04:53 . 2011-11-21 07:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C183561-6954-4946-8864-EED56695BB0B}\mpengine.dll
    2011-12-21 04:42 . 2008-04-14 05:51 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
    2011-12-21 04:42 . 2008-04-14 05:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2011-12-15 20:58 . 2011-12-15 20:58 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-12-13 21:31 . 2011-12-13 21:31 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
    2011-12-10 20:37 . 2011-12-10 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2011-12-10 20:37 . 2011-12-10 20:37 -------- d-----w- c:\documents and settings\Guertins\Application Data\TestApp
    2011-12-08 02:04 . 2011-12-08 02:04 -------- d-----w- c:\program files\Common Files\Apple
    2011-12-08 02:03 . 2011-12-08 02:04 -------- d-----w- c:\program files\QuickTime
    2011-12-08 02:03 . 2011-12-08 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-23 13:25 . 2006-03-15 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-09 22:00 . 2011-11-09 22:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-04 19:20 . 2006-03-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2006-03-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2006-03-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2006-03-15 12:00 385024 ------w- c:\windows\system32\html.iec
    2011-11-01 16:07 . 2006-03-15 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2006-03-15 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37 . 2006-03-15 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-14 22:38 . 2006-03-15 12:00 456192 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22 . 2011-01-25 01:29 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06 . 2006-03-15 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2006-03-15 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2006-03-15 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-18_19.35.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-12-21 13:18 . 2011-12-21 13:18 16384 c:\windows\Temp\Perflib_Perfdata_744.dat
    - 2011-01-25 01:52 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
    + 2011-01-25 01:52 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
    - 2006-03-15 12:00 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll
    + 2006-03-15 12:00 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll
    + 2009-03-08 09:31 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll
    - 2009-03-08 09:31 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll
    + 2006-03-15 12:00 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll
    - 2006-03-15 12:00 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll
    - 2011-01-25 18:06 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2011-01-25 18:06 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2009-03-08 09:31 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2009-03-08 09:31 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2011-01-25 18:05 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2011-01-25 18:05 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2009-03-08 09:34 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll
    + 2009-03-08 09:34 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll
    - 2009-03-08 09:33 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2009-03-08 09:33 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll
    - 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
    + 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
    + 2011-02-28 14:19 . 2011-12-21 05:10 35088 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
    - 2011-02-28 14:19 . 2011-10-14 22:11 35088 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
    + 2011-02-28 14:19 . 2011-12-21 05:10 18704 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
    - 2011-02-28 14:19 . 2011-10-14 22:11 18704 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
    - 2011-02-28 14:19 . 2011-10-14 22:11 20240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
    + 2011-02-28 14:19 . 2011-12-21 05:10 20240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
    + 2011-12-21 05:09 . 2011-08-22 23:48 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
    + 2011-12-21 05:09 . 2011-08-22 23:48 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
    + 2011-12-21 05:09 . 2011-08-22 23:48 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
    + 2011-12-21 05:09 . 2011-08-22 23:48 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
    + 2011-12-21 05:09 . 2011-08-22 23:48 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
    - 2006-03-15 12:00 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll
    + 2006-03-15 12:00 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll
    - 2006-03-15 12:00 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll
    + 2006-03-15 12:00 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll
    - 2006-03-15 12:00 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll
    + 2006-03-15 12:00 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll
    - 2009-03-08 09:32 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll
    + 2009-03-08 09:32 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll
    - 2006-03-15 12:00 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll
    + 2006-03-15 12:00 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll
    + 2006-03-15 12:00 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll
    - 2006-03-15 12:00 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll
    + 2006-03-15 12:00 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe
    - 2006-03-15 12:00 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe
    - 2011-01-24 20:15 . 2011-10-15 14:30 172280 c:\windows\system32\FNTCACHE.DAT
    + 2011-01-24 20:15 . 2011-12-21 13:17 172280 c:\windows\system32\FNTCACHE.DAT
    + 2009-03-08 09:34 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll
    - 2009-03-08 09:34 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll
    + 2009-03-08 09:34 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll
    + 2009-03-08 09:34 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll
    - 2009-03-08 09:34 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll
    + 2009-03-08 09:32 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll
    - 2009-03-08 09:32 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll
    + 2011-01-25 18:05 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll
    - 2011-01-25 18:05 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll
    + 2011-01-25 18:05 . 2011-11-04 19:20 247808 c:\windows\system32\dllcache\ieproxy.dll
    - 2011-01-25 18:05 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll
    + 2009-03-08 09:31 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll
    - 2009-03-08 09:31 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll
    - 2011-01-25 18:05 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll
    + 2011-01-25 18:05 . 2011-11-04 19:20 743424 c:\windows\system32\dllcache\iedvtool.dll
    - 2009-03-08 19:09 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2009-03-08 19:09 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll
    - 2009-03-08 09:32 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe
    + 2009-03-08 09:32 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe
    - 2006-03-15 12:00 . 2011-02-04 22:48 456192 c:\windows\system32\dllcache\encdec.dll
    + 2006-03-15 12:00 . 2011-10-14 22:38 456192 c:\windows\system32\dllcache\encdec.dll
    + 2011-02-28 14:19 . 2011-12-21 05:10 888080 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
    - 2011-02-28 14:19 . 2011-10-14 22:11 888080 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
    - 2011-02-28 14:19 . 2011-10-14 22:11 922384 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe
    + 2011-02-28 14:19 . 2011-12-21 05:10 922384 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe
    - 2011-02-28 14:19 . 2011-10-14 22:11 845584 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
    + 2011-02-28 14:19 . 2011-12-21 05:10 845584 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
    - 2011-02-28 14:19 . 2011-10-14 22:11 217864 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe
    + 2011-02-28 14:19 . 2011-12-21 05:10 217864 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe
    - 2011-05-11 14:00 . 2011-05-11 14:00 217864 c:\windows\Installer\{50120000-1105-0000-0000-0000000FF1CE}\misc.exe
    + 2011-12-21 05:10 . 2011-12-21 05:10 217864 c:\windows\Installer\{50120000-1105-0000-0000-0000000FF1CE}\misc.exe
    + 2011-12-21 05:09 . 2011-08-22 23:48 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
    + 2011-12-21 05:09 . 2011-08-22 23:48 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
    + 2011-12-21 05:09 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
    + 2011-12-21 05:09 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
    + 2011-12-21 05:09 . 2011-08-22 23:48 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
    + 2011-12-21 05:09 . 2011-08-22 23:48 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
    + 2011-12-21 05:09 . 2011-08-22 23:48 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
    + 2011-12-21 05:09 . 2011-08-22 23:48 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
    + 2011-12-21 05:09 . 2011-08-22 23:48 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
    + 2011-12-21 05:09 . 2011-08-22 23:48 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
    + 2011-12-21 05:09 . 2011-08-22 23:48 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
    + 2011-12-21 05:09 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
    + 2011-12-21 05:10 . 2011-12-21 05:10 350080 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
    + 2006-03-15 12:00 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
    - 2006-03-15 12:00 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll
    + 2006-03-15 12:00 . 2011-11-04 19:20 5978112 c:\windows\system32\mshtml.dll
    - 2009-03-08 09:32 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll
    + 2009-03-08 09:32 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
    + 2010-10-26 13:25 . 2011-11-23 13:25 1859584 c:\windows\system32\dllcache\win32k.sys
    - 2009-03-08 09:34 . 2011-08-22 23:48 1212416 c:\windows\system32\dllcache\urlmon.dll
    + 2009-03-08 09:34 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
    + 2010-07-16 12:05 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
    + 2011-01-25 17:40 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
    - 2011-01-25 17:40 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
    + 2011-01-25 17:40 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
    - 2011-01-25 17:40 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2009-02-08 00:02 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
    - 2009-02-08 00:02 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
    + 2011-01-25 17:40 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
    - 2011-01-25 17:40 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2009-03-08 09:41 . 2011-11-04 19:20 5978112 c:\windows\system32\dllcache\mshtml.dll
    + 2011-01-25 18:05 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
    - 2011-01-25 18:05 . 2011-08-22 23:48 2000384 c:\windows\system32\dllcache\iertutil.dll
    + 2011-11-01 18:34 . 2011-11-01 18:34 4250112 c:\windows\Installer\148d2a.msp
    + 2011-11-01 18:34 . 2011-11-01 18:34 2247168 c:\windows\Installer\148d20.msp
    + 2011-11-11 21:14 . 2011-11-11 21:14 9096192 c:\windows\Installer\148d0c.msp
    + 2011-11-01 18:34 . 2011-11-01 18:34 2531840 c:\windows\Installer\148cf8.msp
    + 2011-11-11 21:15 . 2011-11-11 21:15 1795584 c:\windows\Installer\148ce4.msp
    + 2011-11-11 21:16 . 2011-11-11 21:16 8458240 c:\windows\Installer\148cd0.msp
    + 2011-02-28 14:19 . 2011-12-21 05:10 1172240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
    - 2011-02-28 14:19 . 2011-10-14 22:11 1172240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
    + 2009-04-03 02:44 . 2009-04-03 02:44 2532224 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6425\GRAPH.EXE
    + 2011-12-21 05:09 . 2011-08-22 23:48 1212416 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
    + 2011-12-21 05:09 . 2011-10-03 08:35 5971456 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
    + 2011-12-21 05:09 . 2011-08-22 23:48 2000384 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
    - 2011-01-25 17:40 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2011-01-25 17:40 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
    - 2011-01-25 17:40 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2011-01-25 17:40 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
    - 2009-02-08 00:02 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2009-02-08 00:02 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    - 2011-01-25 17:40 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2011-01-25 17:40 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2011-01-25 18:00 . 2011-12-21 05:07 52988224 c:\windows\system32\MRT.exe
    - 2009-03-08 09:39 . 2011-08-23 21:48 11081728 c:\windows\system32\ieframe.dll
    + 2009-03-08 09:39 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll
    - 2011-01-25 18:05 . 2011-08-23 21:48 11081728 c:\windows\system32\dllcache\ieframe.dll
    + 2011-01-25 18:05 . 2011-11-04 19:20 11081728 c:\windows\system32\dllcache\ieframe.dll
    + 2011-12-21 05:09 . 2011-08-23 21:48 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "ATICCC "= "c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "P17Helper "= "P17.dll" [2005-05-03 64512]
    "UpdReg "= "c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "ArcSoft Connection Service "= "c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "DVAPTray "= "c:\windows\System32\DVAPTray.exe" [2009-10-30 188416]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Device Monitor.lnk - c:\program files\ArcSoft\MediaConverter 3\Monitor.exe [2011-5-26 139264]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\WINDOWS\\system32\\mmc.exe "=
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP "= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [4/10/2011 12:57 PM 57112]
    R1 MpKsl52d13fa6;MpKsl52d13fa6;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C183561-6954-4946-8864-EED56695BB0B}\MpKsl52d13fa6.sys [12/21/2011 8:18 AM 29904]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
    S1 MpKsl1f5c8a59;MpKsl1f5c8a59;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1879BD2C-BCC3-436B-A242-2B566809C81F}\MpKsl1f5c8a59.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1879BD2C-BCC3-436B-A242-2B566809C81F}\MpKsl1f5c8a59.sys [?]
    S1 MpKsl2bf43507;MpKsl2bf43507;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CB6462B-5BD2-437E-BE86-16256A0154BF}\MpKsl2bf43507.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CB6462B-5BD2-437E-BE86-16256A0154BF}\MpKsl2bf43507.sys [?]
    S1 MpKsl394ae27f;MpKsl394ae27f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D0733930-9C1F-47E8-BBE3-2CAD27494B30}\MpKsl394ae27f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D0733930-9C1F-47E8-BBE3-2CAD27494B30}\MpKsl394ae27f.sys [?]
    S1 MpKsl6ff49fcd;MpKsl6ff49fcd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FD69D06-53A5-45B6-9480-B9A507CEC844}\MpKsl6ff49fcd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FD69D06-53A5-45B6-9480-B9A507CEC844}\MpKsl6ff49fcd.sys [?]
    S1 MpKsl78f7993d;MpKsl78f7993d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3984FD34-2A62-432E-AA99-55765F457C27}\MpKsl78f7993d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3984FD34-2A62-432E-AA99-55765F457C27}\MpKsl78f7993d.sys [?]
    S1 MpKslf50db3a1;MpKslf50db3a1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A595B0D-A913-4981-9D16-0396115D64D1}\MpKslf50db3a1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A595B0D-A913-4981-9D16-0396115D64D1}\MpKslf50db3a1.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [3/15/2006 7:00 AM 14336]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - EHRECVR
    *NewlyCreated* - EHSCHED
    *NewlyCreated* - MPKSL52D13FA6
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2011-11-18 c:\windows\Tasks\Backup.job
    - c:\windows\system32\ntbackup.exe [2006-03-15 10:42]
    .
    2011-12-21 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
    .
    2011-12-21 c:\windows\Tasks\User_Feed_Synchronization-{292B8DA8-6C6A-405E-812C-97C686BBE93A}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.dogpile.com/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-21 08:34
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(688)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2011-12-21 08:35:40
    ComboFix-quarantined-files.txt 2011-12-21 13:35
    ComboFix2.txt 2011-12-18 19:40
    .
    Pre-Run: 70,569,275,392 bytes free
    Post-Run: 70,543,335,424 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 32F3FCACF331CD6E5D80593DAD88DEB8


    I'll run OTL now.
     
  10. 2011/12/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok.............
     
  11. 2011/12/21
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    I'm sorry, I thought I had posted the OTL logs. Let me do that now.

    OTL logfile created on: 12/21/2011 8:49:18 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Guertins\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.41% Memory free
    3.85 Gb Paging File | 3.13 Gb Available in Paging File | 81.28% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 189.91 Gb Total Space | 65.72 Gb Free Space | 34.61% Space Free | Partition Type: NTFS
    Drive J: | 48.83 Gb Total Space | 48.70 Gb Free Space | 99.74% Space Free | Partition Type: NTFS
    Drive K: | 184.05 Gb Total Space | 167.24 Gb Free Space | 90.86% Space Free | Partition Type: NTFS
    Drive L: | 465.75 Gb Total Space | 362.66 Gb Free Space | 77.87% Space Free | Partition Type: NTFS

    Computer Name: DESKTOP | User Name: Guertins | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/21 08:41:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guertins\Desktop\OTL.exe
    PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/07/16 18:47:12 | 000,139,264 | ---- | M] (ArcSoft) -- C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe
    PRC - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/10/11 20:28:04 | 000,086,016 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Mace.exe
    PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/14 17:09:43 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8c8bea92\mscorlib.dll
    MOD - [2011/10/14 17:09:39 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_88a3c228\system.drawing.dll
    MOD - [2011/10/14 17:09:32 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_72415f75\system.xml.dll
    MOD - [2011/10/14 17:09:27 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ec1682fc\system.windows.forms.dll
    MOD - [2011/10/14 17:09:17 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_bb341010\system.dll
    MOD - [2011/10/14 17:09:11 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
    MOD - [2011/10/14 17:09:10 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
    MOD - [2011/05/22 12:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
    MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2011/01/25 22:40:37 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
    MOD - [2011/01/25 22:40:36 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
    MOD - [2011/01/25 22:40:36 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
    MOD - [2011/01/25 22:40:35 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
    MOD - [2011/01/25 22:40:34 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
    MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
    MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
    SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/12/21 08:36:37 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F26BB3E-6566-43A5-97C8-56448595E89C}\MpKsl5df86356.sys -- (MpKsl5df86356)
    DRV - [2011/01/21 13:52:18 | 000,381,032 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
    DRV - [2011/01/21 13:52:18 | 000,057,112 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys -- (hotcore3)
    DRV - [2011/01/21 13:52:18 | 000,040,824 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/11/12 12:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2006/10/11 17:43:54 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/07/07 03:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
    DRV - [2005/04/01 08:25:00 | 000,230,272 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2005/01/10 05:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2005/01/10 05:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2004/08/03 17:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2052111302-1592454029-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
    IE - HKU\S-1-5-21-2052111302-1592454029-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



    O1 HOSTS File: ([2011/12/21 08:34:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
    O4 - HKLM..\Run: [DVAPTray] C:\WINDOWS\system32\DVAPTray.exe (Chicony Electronics Co., Ltd.)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Monitor.lnk = C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (ArcSoft)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2052111302-1592454029-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2052111302-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2052111302-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2052111302-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1295976966375 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B1FDCBA-B532-4B8B-8542-78075CA3C1E6}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Guertins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Guertins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/01/24 20:32:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/21 08:41:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Guertins\Desktop\OTL.exe
    [2011/12/21 08:27:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/21 00:04:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Guertins\Recent
    [2011/12/18 14:11:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/18 14:11:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/18 14:11:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/18 14:11:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/18 14:11:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/18 14:11:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/18 14:10:50 | 004,346,890 | R--- | C] (Swearware) -- C:\Documents and Settings\Guertins\Desktop\ComboFix.exe
    [2011/12/17 11:00:52 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Guertins\Desktop\tdsskiller.exe
    [2011/12/14 22:05:39 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Guertins\Desktop\dds.scr
    [2011/12/14 22:04:41 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Guertins\Desktop\aswMBR.exe
    [2011/12/14 11:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/12/14 11:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/12/10 15:41:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2011/12/10 15:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2011/12/10 15:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guertins\Application Data\TestApp
    [2011/12/07 21:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2011/12/07 21:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/12/07 21:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/12/07 21:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2002/04/10 20:41:06 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/21 08:41:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guertins\Desktop\OTL.exe
    [2011/12/21 08:34:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/12/21 08:27:59 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/12/21 08:26:36 | 004,346,890 | R--- | M] (Swearware) -- C:\Documents and Settings\Guertins\Desktop\ComboFix.exe
    [2011/12/21 08:23:14 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/12/21 08:20:09 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{292B8DA8-6C6A-405E-812C-97C686BBE93A}.job
    [2011/12/21 08:17:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/21 08:17:33 | 000,172,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/12/21 00:10:08 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/12/18 22:38:10 | 000,326,647 | ---- | M] () -- C:\Documents and Settings\Guertins\Desktop\FSS.exe
    [2011/12/18 14:02:46 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/17 11:00:22 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Guertins\My Documents\MBR.dat
    [2011/12/15 18:46:54 | 000,512,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/12/15 18:46:54 | 000,097,174 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/12/15 16:46:30 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Guertins\Desktop\tdsskiller.exe
    [2011/12/15 15:41:25 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/14 22:05:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Guertins\Desktop\dds.scr
    [2011/12/14 22:04:54 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Guertins\Desktop\aswMBR.exe
    [2011/12/14 11:28:28 | 000,103,365 | ---- | M] () -- C:\WINDOWS\System32\itusbcore.dat
    [2011/12/14 11:28:28 | 000,000,197 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
    [2011/12/13 17:01:10 | 000,011,976 | -HS- | M] () -- C:\Documents and Settings\Guertins\Local Settings\Application Data\cupibp5b3wqn8vij3aox8y410e1b
    [2011/12/13 17:01:10 | 000,011,976 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\cupibp5b3wqn8vij3aox8y410e1b
    [2011/12/13 16:13:57 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Guertins\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/12/13 16:13:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/07 21:04:10 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/12/07 20:56:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/11/24 17:02:41 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
    [2011/11/24 09:33:40 | 000,014,142 | ---- | M] () -- C:\Documents and Settings\Guertins\My Documents\cc_20111124_093334.reg
    [2011/11/24 09:31:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/11/23 17:45:32 | 000,000,074 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/21 08:27:59 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2011/12/21 08:27:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/12/19 08:24:00 | 000,326,647 | ---- | C] () -- C:\Documents and Settings\Guertins\Desktop\FSS.exe
    [2011/12/18 14:11:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/18 14:11:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/18 14:11:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/18 14:11:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/18 14:11:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/17 11:00:22 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Guertins\My Documents\MBR.dat
    [2011/12/15 18:46:45 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011/12/14 22:21:50 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Guertins\Desktop\gmer.exe
    [2011/12/14 11:28:28 | 000,103,365 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
    [2011/12/14 11:28:28 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
    [2011/12/13 16:13:57 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Guertins\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/12/10 14:29:49 | 000,011,976 | -HS- | C] () -- C:\Documents and Settings\Guertins\Local Settings\Application Data\cupibp5b3wqn8vij3aox8y410e1b
    [2011/12/10 14:29:49 | 000,011,976 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\cupibp5b3wqn8vij3aox8y410e1b
    [2011/12/07 21:04:10 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/11/24 09:33:38 | 000,014,142 | ---- | C] () -- C:\Documents and Settings\Guertins\My Documents\cc_20111124_093334.reg
    [2011/10/21 06:59:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
    [2011/05/26 20:03:06 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2011/05/26 20:03:04 | 003,248,128 | ---- | C] () -- C:\WINDOWS\System32\DVAPfg.exe
    [2011/04/08 12:37:45 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2011/02/25 11:54:57 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
    [2011/02/25 11:54:20 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [2011/02/25 11:54:19 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2011/02/09 19:11:33 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2011/02/09 13:30:51 | 000,125,227 | ---- | C] () -- C:\WINDOWS\LogWorks3 Uninstaller.exe
    [2011/01/26 22:51:13 | 000,000,151 | ---- | C] () -- C:\WINDOWS\VECalc.INI
    [2011/01/25 22:53:38 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Guertins\Local Settings\Application Data\fusioncache.dat
    [2011/01/25 15:35:32 | 000,069,371 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
    [2011/01/25 15:35:32 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
    [2011/01/24 21:21:11 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
    [2011/01/24 21:21:11 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2011/01/24 21:05:17 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2011/01/24 21:02:51 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2011/01/24 21:01:34 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
    [2011/01/24 21:01:34 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2011/01/24 20:59:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/01/24 20:34:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011/01/24 20:27:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/01/24 15:16:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011/01/24 15:15:06 | 000,172,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/01/19 16:40:37 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Guertins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2006/03/15 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006/03/15 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/03/15 07:00:00 | 000,512,600 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/03/15 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/03/15 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/03/15 07:00:00 | 000,097,174 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/03/15 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/03/15 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/03/15 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/03/15 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2006/03/15 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006/03/15 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2005/05/03 06:38:42 | 000,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
    [2003/10/02 05:48:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll

    ========== LOP Check ==========

    [2011/02/14 17:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
    [2011/04/08 12:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2011/04/10 13:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher
    [2011/01/27 15:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Masque
    [2011/04/08 15:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
    [2011/02/14 17:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\Canneverbe Limited
    [2011/06/08 15:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\CoreFTP
    [2011/10/10 12:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\FileZilla
    [2011/02/01 09:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\Foxit Software
    [2011/08/25 15:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\KompoZer
    [2011/01/27 15:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\Masque
    [2011/01/25 15:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\OpenOffice.org
    [2011/12/10 15:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\TestApp
    [2011/01/24 21:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\Thunderbird
    [2011/01/25 22:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\Windows Desktop Search
    [2011/01/25 23:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\Windows Search
    [2011/10/10 11:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Windows Desktop Search
    [2011/11/18 12:00:26 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\Backup.job
    [2011/12/21 08:23:14 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2011/12/21 08:20:09 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{292B8DA8-6C6A-405E-812C-97C686BBE93A}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/01/24 20:32:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/01/27 18:16:02 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2011/12/21 08:27:59 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/12/21 08:35:40 | 000,026,076 | ---- | M] () -- C:\ComboFix.txt
    [2011/01/24 20:32:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/01/24 20:32:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/01/24 20:32:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/03/15 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2011/01/24 20:47:10 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/12/21 08:17:31 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/05/26 20:03:05 | 000,000,154 | ---- | M] () -- C:\setup.log
    [2011/12/16 09:23:56 | 000,047,924 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_16.12.2011_09.22.22_log.txt
    [2011/12/17 11:04:25 | 000,047,924 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_17.12.2011_11.00.59_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2011/01/24 20:31:55 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011/12/15 18:47:25 | 000,001,706 | -H-- | M] () -- C:\Documents and Settings\Guertins\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2011/01/24 15:14:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2011/01/24 15:14:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2011/01/24 15:14:10 | 000,901,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2011/01/24 20:53:35 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/01/25 22:53:27 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Guertins\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2011/01/24 20:37:19 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Guertins\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/14 22:04:54 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Guertins\Desktop\aswMBR.exe
    [2011/12/21 08:26:36 | 004,346,890 | R--- | M] (Swearware) -- C:\Documents and Settings\Guertins\Desktop\ComboFix.exe
    [2011/12/18 22:38:10 | 000,326,647 | ---- | M] () -- C:\Documents and Settings\Guertins\Desktop\FSS.exe
    [2011/07/16 22:21:00 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Guertins\Desktop\gmer.exe
    [2011/12/15 15:42:48 | 008,068,864 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Guertins\Desktop\mseinstall.exe
    [2011/12/21 08:41:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guertins\Desktop\OTL.exe
    [2011/12/15 16:46:30 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Guertins\Desktop\tdsskiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2011/08/25 13:10:19 | 006,396,874 | ---- | M] () -- C:\Documents and Settings\Guertins\My Documents\pgbreeze.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/01/24 20:58:01 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Guertins\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
    No captured output from command...

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    No captured output from command...

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/12/21 08:19:24 | 000,278,528 | ---- | M] () -- C:\Documents and Settings\Guertins\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2009/01/30 17:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 23:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 23:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 23:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  12. 2011/12/21
    broni

    broni Moderator Malware Analyst

    I still need Extras.txt
     
  13. 2011/12/21
    boyracer

    boyracer Well-Known Member Thread Starter

    I'm sorry. It appears that there are too many characters, so I'll split the logs up.

    OTL txt:

    OTL logfile created on: 12/21/2011 8:49:18 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Guertins\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.41% Memory free
    3.85 Gb Paging File | 3.13 Gb Available in Paging File | 81.28% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 189.91 Gb Total Space | 65.72 Gb Free Space | 34.61% Space Free | Partition Type: NTFS
    Drive J: | 48.83 Gb Total Space | 48.70 Gb Free Space | 99.74% Space Free | Partition Type: NTFS
    Drive K: | 184.05 Gb Total Space | 167.24 Gb Free Space | 90.86% Space Free | Partition Type: NTFS
    Drive L: | 465.75 Gb Total Space | 362.66 Gb Free Space | 77.87% Space Free | Partition Type: NTFS

    Computer Name: DESKTOP | User Name: Guertins | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/21 08:41:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guertins\Desktop\OTL.exe
    PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/07/16 18:47:12 | 000,139,264 | ---- | M] (ArcSoft) -- C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe
    PRC - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/10/11 20:28:04 | 000,086,016 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Mace.exe
    PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/14 17:09:43 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8c8bea92\mscorlib.dll
    MOD - [2011/10/14 17:09:39 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_88a3c228\system.drawing.dll
    MOD - [2011/10/14 17:09:32 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_72415f75\system.xml.dll
    MOD - [2011/10/14 17:09:27 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ec1682fc\system.windows.forms.dll
    MOD - [2011/10/14 17:09:17 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_bb341010\system.dll
    MOD - [2011/10/14 17:09:11 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
    MOD - [2011/10/14 17:09:10 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
    MOD - [2011/05/22 12:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
    MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2011/01/25 22:40:37 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
    MOD - [2011/01/25 22:40:36 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
    MOD - [2011/01/25 22:40:36 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
    MOD - [2011/01/25 22:40:35 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
    MOD - [2011/01/25 22:40:34 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
    MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
    MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
    SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/12/21 08:36:37 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F26BB3E-6566-43A5-97C8-56448595E89C}\MpKsl5df86356.sys -- (MpKsl5df86356)
    DRV - [2011/01/21 13:52:18 | 000,381,032 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
    DRV - [2011/01/21 13:52:18 | 000,057,112 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys -- (hotcore3)
    DRV - [2011/01/21 13:52:18 | 000,040,824 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/11/12 12:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2006/10/11 17:43:54 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/07/07 03:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
    DRV - [2005/04/01 08:25:00 | 000,230,272 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2005/01/10 05:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2005/01/10 05:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2004/08/03 17:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2052111302-1592454029-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
    IE - HKU\S-1-5-21-2052111302-1592454029-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



    O1 HOSTS File: ([2011/12/21 08:34:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
    O4 - HKLM..\Run: [DVAPTray] C:\WINDOWS\system32\DVAPTray.exe (Chicony Electronics Co., Ltd.)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Monitor.lnk = C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (ArcSoft)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2052111302-1592454029-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2052111302-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2052111302-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2052111302-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1295976966375 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B1FDCBA-B532-4B8B-8542-78075CA3C1E6}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Guertins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Guertins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/01/24 20:32:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/21 08:41:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Guertins\Desktop\OTL.exe
    [2011/12/21 08:27:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/21 00:04:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Guertins\Recent
    [2011/12/18 14:11:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/18 14:11:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/18 14:11:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/18 14:11:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/18 14:11:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/18 14:11:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/18 14:10:50 | 004,346,890 | R--- | C] (Swearware) -- C:\Documents and Settings\Guertins\Desktop\ComboFix.exe
    [2011/12/17 11:00:52 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Guertins\Desktop\tdsskiller.exe
    [2011/12/14 22:05:39 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Guertins\Desktop\dds.scr
    [2011/12/14 22:04:41 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Guertins\Desktop\aswMBR.exe
    [2011/12/14 11:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/12/14 11:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/12/10 15:41:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2011/12/10 15:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2011/12/10 15:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guertins\Application Data\TestApp
    [2011/12/07 21:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2011/12/07 21:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/12/07 21:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/12/07 21:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2002/04/10 20:41:06 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/21 08:41:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guertins\Desktop\OTL.exe
    [2011/12/21 08:34:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/12/21 08:27:59 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/12/21 08:26:36 | 004,346,890 | R--- | M] (Swearware) -- C:\Documents and Settings\Guertins\Desktop\ComboFix.exe
    [2011/12/21 08:23:14 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/12/21 08:20:09 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{292B8DA8-6C6A-405E-812C-97C686BBE93A}.job
    [2011/12/21 08:17:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/21 08:17:33 | 000,172,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/12/21 00:10:08 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/12/18 22:38:10 | 000,326,647 | ---- | M] () -- C:\Documents and Settings\Guertins\Desktop\FSS.exe
    [2011/12/18 14:02:46 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/17 11:00:22 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Guertins\My Documents\MBR.dat
    [2011/12/15 18:46:54 | 000,512,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/12/15 18:46:54 | 000,097,174 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/12/15 16:46:30 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Guertins\Desktop\tdsskiller.exe
    [2011/12/15 15:41:25 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/14 22:05:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Guertins\Desktop\dds.scr
    [2011/12/14 22:04:54 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Guertins\Desktop\aswMBR.exe
    [2011/12/14 11:28:28 | 000,103,365 | ---- | M] () -- C:\WINDOWS\System32\itusbcore.dat
    [2011/12/14 11:28:28 | 000,000,197 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
    [2011/12/13 17:01:10 | 000,011,976 | -HS- | M] () -- C:\Documents and Settings\Guertins\Local Settings\Application Data\cupibp5b3wqn8vij3aox8y410e1b
    [2011/12/13 17:01:10 | 000,011,976 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\cupibp5b3wqn8vij3aox8y410e1b
    [2011/12/13 16:13:57 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Guertins\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/12/13 16:13:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/07 21:04:10 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/12/07 20:56:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/11/24 17:02:41 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
    [2011/11/24 09:33:40 | 000,014,142 | ---- | M] () -- C:\Documents and Settings\Guertins\My Documents\cc_20111124_093334.reg
    [2011/11/24 09:31:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/11/23 17:45:32 | 000,000,074 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/21 08:27:59 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2011/12/21 08:27:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/12/19 08:24:00 | 000,326,647 | ---- | C] () -- C:\Documents and Settings\Guertins\Desktop\FSS.exe
    [2011/12/18 14:11:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/18 14:11:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/18 14:11:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/18 14:11:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/18 14:11:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/17 11:00:22 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Guertins\My Documents\MBR.dat
    [2011/12/15 18:46:45 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011/12/14 22:21:50 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Guertins\Desktop\gmer.exe
    [2011/12/14 11:28:28 | 000,103,365 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
    [2011/12/14 11:28:28 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
    [2011/12/13 16:13:57 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Guertins\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/12/10 14:29:49 | 000,011,976 | -HS- | C] () -- C:\Documents and Settings\Guertins\Local Settings\Application Data\cupibp5b3wqn8vij3aox8y410e1b
    [2011/12/10 14:29:49 | 000,011,976 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\cupibp5b3wqn8vij3aox8y410e1b
    [2011/12/07 21:04:10 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/11/24 09:33:38 | 000,014,142 | ---- | C] () -- C:\Documents and Settings\Guertins\My Documents\cc_20111124_093334.reg
    [2011/10/21 06:59:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
    [2011/05/26 20:03:06 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2011/05/26 20:03:04 | 003,248,128 | ---- | C] () -- C:\WINDOWS\System32\DVAPfg.exe
    [2011/04/08 12:37:45 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2011/02/25 11:54:57 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
    [2011/02/25 11:54:20 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [2011/02/25 11:54:19 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2011/02/09 19:11:33 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2011/02/09 13:30:51 | 000,125,227 | ---- | C] () -- C:\WINDOWS\LogWorks3 Uninstaller.exe
    [2011/01/26 22:51:13 | 000,000,151 | ---- | C] () -- C:\WINDOWS\VECalc.INI
    [2011/01/25 22:53:38 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Guertins\Local Settings\Application Data\fusioncache.dat
    [2011/01/25 15:35:32 | 000,069,371 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
    [2011/01/25 15:35:32 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
    [2011/01/24 21:21:11 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
    [2011/01/24 21:21:11 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2011/01/24 21:05:17 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2011/01/24 21:02:51 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2011/01/24 21:01:34 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
    [2011/01/24 21:01:34 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2011/01/24 20:59:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/01/24 20:34:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011/01/24 20:27:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/01/24 15:16:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011/01/24 15:15:06 | 000,172,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/01/19 16:40:37 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Guertins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2006/03/15 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006/03/15 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/03/15 07:00:00 | 000,512,600 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/03/15 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/03/15 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/03/15 07:00:00 | 000,097,174 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/03/15 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/03/15 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/03/15 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/03/15 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2006/03/15 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006/03/15 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2005/05/03 06:38:42 | 000,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
    [2003/10/02 05:48:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll

    ========== LOP Check ==========

    [2011/02/14 17:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
    [2011/04/08 12:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2011/04/10 13:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher
    [2011/01/27 15:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Masque
    [2011/04/08 15:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
    [2011/02/14 17:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\Canneverbe Limited
    [2011/06/08 15:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\CoreFTP
    [2011/10/10 12:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\FileZilla
    [2011/02/01 09:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\Foxit Software
    [2011/08/25 15:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\KompoZer
    [2011/01/27 15:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\Masque
    [2011/01/25 15:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\OpenOffice.org
    [2011/12/10 15:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\TestApp
    [2011/01/24 21:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\Thunderbird
    [2011/01/25 22:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\Windows Desktop Search
    [2011/01/25 23:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guertins\Application Data\Windows Search
    [2011/10/10 11:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Windows Desktop Search
    [2011/11/18 12:00:26 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\Backup.job
    [2011/12/21 08:23:14 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2011/12/21 08:20:09 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{292B8DA8-6C6A-405E-812C-97C686BBE93A}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/01/24 20:32:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/01/27 18:16:02 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2011/12/21 08:27:59 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/12/21 08:35:40 | 000,026,076 | ---- | M] () -- C:\ComboFix.txt
    [2011/01/24 20:32:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/01/24 20:32:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/01/24 20:32:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/03/15 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2011/01/24 20:47:10 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/12/21 08:17:31 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/05/26 20:03:05 | 000,000,154 | ---- | M] () -- C:\setup.log
    [2011/12/16 09:23:56 | 000,047,924 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_16.12.2011_09.22.22_log.txt
    [2011/12/17 11:04:25 | 000,047,924 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_17.12.2011_11.00.59_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2011/01/24 20:31:55 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011/12/15 18:47:25 | 000,001,706 | -H-- | M] () -- C:\Documents and Settings\Guertins\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2011/01/24 15:14:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2011/01/24 15:14:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2011/01/24 15:14:10 | 000,901,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2011/01/24 20:53:35 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/01/25 22:53:27 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Guertins\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2011/01/24 20:37:19 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Guertins\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/14 22:04:54 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Guertins\Desktop\aswMBR.exe
    [2011/12/21 08:26:36 | 004,346,890 | R--- | M] (Swearware) -- C:\Documents and Settings\Guertins\Desktop\ComboFix.exe
    [2011/12/18 22:38:10 | 000,326,647 | ---- | M] () -- C:\Documents and Settings\Guertins\Desktop\FSS.exe
    [2011/07/16 22:21:00 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Guertins\Desktop\gmer.exe
    [2011/12/15 15:42:48 | 008,068,864 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Guertins\Desktop\mseinstall.exe
    [2011/12/21 08:41:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guertins\Desktop\OTL.exe
    [2011/12/15 16:46:30 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Guertins\Desktop\tdsskiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2011/08/25 13:10:19 | 006,396,874 | ---- | M] () -- C:\Documents and Settings\Guertins\My Documents\pgbreeze.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/01/24 20:58:01 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Guertins\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
    No captured output from command...

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    No captured output from command...

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/12/21 08:19:24 | 000,278,528 | ---- | M] () -- C:\Documents and Settings\Guertins\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2009/01/30 17:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 23:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 23:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 23:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  14. 2011/12/21
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    Extras.txt


    OTL Extras logfile created on: 12/21/2011 8:49:18 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Guertins\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.41% Memory free
    3.85 Gb Paging File | 3.13 Gb Available in Paging File | 81.28% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 189.91 Gb Total Space | 65.72 Gb Free Space | 34.61% Space Free | Partition Type: NTFS
    Drive J: | 48.83 Gb Total Space | 48.70 Gb Free Space | 99.74% Space Free | Partition Type: NTFS
    Drive K: | 184.05 Gb Total Space | 167.24 Gb Free Space | 90.86% Space Free | Partition Type: NTFS
    Drive L: | 465.75 Gb Total Space | 362.66 Gb Free Space | 77.87% Space Free | Partition Type: NTFS

    Computer Name: DESKTOP | User Name: Guertins | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
    "{13FC7B28-A757-4E4B-A25B-9D0078518893}" = Virtual Engine Calculator Advanced
    "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
    "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
    "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
    "{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
    "{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
    "{2390AB2C-FBE5-46DA-9332-D7DDB92B2A94}" = ATI Catalyst Control Center
    "{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
    "{30D1B542-44E0-44F0-8A31-2A101CB626B5}" = DVAPTray
    "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
    "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
    "{461073BF-9642-4A73-B58E-157358D412AB}" = 6200
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5007E629-8769-44BB-BD51-A20B6DCC5CC9}" = Microsoft Office Accounting 2009
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{53276F5A-85AB-4BEF-BAA2-2490975DC006}" = Microsoft Office Accounting 2009 Fixed Asset Manager
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
    "{6518675B-CC8D-4AB3-A3F6-CC02FF6548D7}" = 6200_Help
    "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
    "{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
    "{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
    "{7C0BF6E9-7021-46E4-87B3-4C4587256A22}" = Masque IGT Slots Wolf Run
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{85BCA736-A0F4-448E-9BC1-6EA08693E10B}" = HP Image Zone Express
    "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
    "{9A2AF890-B0CD-43DC-85F6-AA0B51024DFF}" = ATI MCE Transcode
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2011 (Advanced) Free
    "{C3F81504-72F3-4262-9449-487404DA75BB}" = 6200Trb
    "{C6C148EC-55FB-4FDF-AD4F-ECEA579D040D}" = Microsoft Office Accounting 2009 Equifax Addin
    "{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
    "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D9AE6BE1-5847-4962-86B0-2A290B7E6C43}" = Microsoft Office Accounting 2009 Tax Integration Add-in
    "{DC0C35E4-CD3D-4F12-95BB-7C74D9467BD7}" = Microsoft Office Accounting 2009 PayPal Addin
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{EE27AA87-8593-4B8A-A595-29E289C5520F}" = ArcSoft MediaConverter 3
    "{F6E97C07-B897-4C8C-AA9B-C8E0A85BC858}" = ATI MCE Control Panel
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Advanced DVD PlayerPro_is1" = Advanced DVD PlayerPro
    "All ATI Software" = ATI - Software Uninstall Utility
    "ALUpdate_is1" = ALTools Update
    "ATI Display Driver" = ATI Display Driver
    "CCleaner" = CCleaner
    "Defraggler" = Defraggler
    "DragStrip2000 Version 3.05" = DragStrip2000 Version 3.05
    "Dyno2000 Version 3.08" = Dyno2000 Version 3.08
    "Family Tree Maker" = Family Tree Maker 8.0
    "ffdshow_is1" = ffdshow [rev 3026] [2009-07-05]
    "Foxit Reader" = Foxit Reader
    "HP Photo & Imaging" = HP Image Zone 4.7
    "ie8" = Windows Internet Explorer 8
    "LogWorks3" = LogWorks3
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Office Accounting 2009" = Microsoft Office Accounting 2009
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Panzer General 3D" = Panzer General 3D
    "Picasa 3" = Picasa 3
    "Revo Uninstaller" = Revo Uninstaller 1.91
    "Snapshot Viewer" = Snapshot Viewer
    "STANDARDR" = Microsoft Office Standard 2007
    "SysInfo" = Creative System Information
    "Tweak UI 2.10" = Tweak UI
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2052111302-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "FileZilla Client" = FileZilla Client 3.5.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/18/2011 3:03:37 PM | Computer Name = DESKTOP | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    Error - 12/18/2011 3:13:26 PM | Computer Name = DESKTOP | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
    P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 12/18/2011 3:28:46 PM | Computer Name = DESKTOP | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
    P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 12/18/2011 3:36:01 PM | Computer Name = DESKTOP | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    Error - 12/18/2011 3:45:11 PM | Computer Name = DESKTOP | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
    P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 12/19/2011 9:29:10 AM | Computer Name = DESKTOP | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
    P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 12/20/2011 9:22:40 AM | Computer Name = DESKTOP | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
    P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 12/21/2011 12:04:14 AM | Computer Name = DESKTOP | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
    P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 12/21/2011 9:47:24 AM | Computer Name = DESKTOP | Source = Application Hang | ID = 1002
    Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 12/21/2011 9:48:59 AM | Computer Name = DESKTOP | Source = Application Hang | ID = 1002
    Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 12/18/2011 3:28:47 PM | Computer Name = DESKTOP | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.111.433.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
    Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.7604.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 12/18/2011 3:28:47 PM | Computer Name = DESKTOP | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.111.433.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
    Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.7604.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 12/20/2011 11:56:36 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7001
    Description = The DHCP Client service depends on the NetBios over Tcpip service
    which failed to start because of the following error: %%31

    Error - 12/20/2011 11:56:36 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7001
    Description = The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip
    service which failed to start because of the following error: %%31

    Error - 12/20/2011 11:56:45 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    NetBT

    Error - 12/21/2011 12:04:13 AM | Computer Name = DESKTOP | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.111.433.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 12/21/2011 12:04:14 AM | Computer Name = DESKTOP | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.111.433.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
    Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.7604.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 12/21/2011 12:04:14 AM | Computer Name = DESKTOP | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.111.433.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
    Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.7604.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 12/21/2011 12:04:14 AM | Computer Name = DESKTOP | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.111.433.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
    Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.7604.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 12/21/2011 12:04:14 AM | Computer Name = DESKTOP | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.111.433.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
    Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.7604.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved


    < End of report >
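The Service Control Manager entries in the System Events section above are what tie the lost internet connection to the missing NetBT driver: event 7026 reports the NetBT boot-start driver failing to load, and the two 7001 events report the DHCP Client and TCP/IP NetBIOS Helper services that could not start because of it. As an added example (not part of the thread and not OTL's own code), the Python below parses that section's format and pulls out exactly those two correlations; the sample input is constructed from the entries quoted in the log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in OTL's own format, copied from the "[ System Events ]"
# section above (wrapped Description lines kept exactly as OTL prints them).
SAMPLE_LOG = """\
[ System Events ]
Error - 12/18/2011 3:28:47 PM | Computer Name = DESKTOP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.111.433.0 Update Source: %%851 Update Stage:

Error - 12/20/2011 11:56:36 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 12/20/2011 11:56:36 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip
service which failed to start because of the following error: %%31

Error - 12/20/2011 11:56:45 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
NetBT
"""

# One OTL event header: "Error - <time> | Computer Name = <host> | Source = <src> | ID = <n>"
HEADER_RE = re.compile(
    r"^Error - (?P<when>\S+ \S+ [AP]M) \| Computer Name = (?P<host>[^|]+?) "
    r"\| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)
# Event 7026 text: "... driver(s) failed to load: <name>[, <name>...]"
DRIVER_FAIL_RE = re.compile(r"driver\(s\) failed to load:\s*(?P<drivers>.+)$")
# Event 7001 text: "The <service> service depends on the <dependency> service ..."
DEPENDS_RE = re.compile(r"The (?P<service>.+?) service depends on the (?P<dep>.+?) service")


@dataclass
class EventError:
    when: str
    host: str
    source: str
    event_id: int
    description: str


def parse_otl_events(text: str) -> List[EventError]:
    """Parse the section into EventError records, re-joining wrapped Description
    lines; a blank line does not end an event (OTL wraps some descriptions across one)."""
    events: List[EventError] = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER_RE.match(line)
        if m:
            events.append(EventError(m["when"], m["host"], m["source"], int(m["id"]), ""))
        elif events and line and not line.startswith("["):
            body = line[len("Description = "):] if line.startswith("Description = ") else line
            events[-1].description = (events[-1].description + " " + body).strip()
    return events


def failed_boot_drivers(events: List[EventError]) -> List[str]:
    """Names from Service Control Manager event 7026: boot/system-start drivers that did not load."""
    drivers: List[str] = []
    for e in events:
        if e.source == "Service Control Manager" and e.event_id == 7026:
            m = DRIVER_FAIL_RE.search(e.description)
            if m:
                drivers.extend(d.strip() for d in m["drivers"].split(","))
    return drivers


def dependency_failures(events: List[EventError]) -> Dict[str, List[str]]:
    """Service Control Manager event 7001: failed dependency -> the services it kept from starting."""
    blocked: Dict[str, List[str]] = {}
    for e in events:
        if e.source == "Service Control Manager" and e.event_id == 7001:
            m = DEPENDS_RE.search(e.description)
            if m:
                blocked.setdefault(m["dep"], []).append(m["service"])
    return blocked
```

Run on a full OTL "Last 10 Event Log Errors" section, a non-empty result from failed_boot_drivers plus matching entries in dependency_failures points at a missing or disabled driver rather than at the services that merely report the failure.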
     
  15. 2011/12/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2011/12/13 17:01:10 | 000,011,976 | -HS- | M] () -- C:\Documents and Settings\Guertins\Local Settings\Application Data\cupibp5b3wqn8vij3aox8y410e1b
      [2011/12/13 17:01:10 | 000,011,976 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\cupibp5b3wqn8vij3aox8y410e1b
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===========================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  16. 2011/12/21
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    New OTL Log:


    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Documents and Settings\Guertins\Local Settings\Application Data\cupibp5b3wqn8vij3aox8y410e1b moved successfully.
    C:\Documents and Settings\All Users\Application Data\cupibp5b3wqn8vij3aox8y410e1b moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Guertins
    ->Temp folder emptied: 118047 bytes
    ->Temporary Internet Files folder emptied: 6166784 bytes
    ->Java cache emptied: 92444 bytes
    ->FireFox cache emptied: 42066935 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 940 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 21360 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 14556 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1240100 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 85810 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 48.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: Guertins
    ->Flash cache emptied: 0 bytes

    User: Guest

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 12212011_221854

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_660.dat not found!

    Registry entries deleted on Reboot...


    I'm working on the rest of the items in your last post now.
     
  17. 2011/12/21
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    Security Check Log

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 16
    Java(TM) 6 Update 30
    Out of date Java installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    ``````````End of Log````````````
     
  18. 2011/12/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Java(TM) 6 Update 16
     
  19. 2011/12/22
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    JavaRa Log:

    JavaRa 1.16 Removal Log.

    Report follows after line.

    [......]


    I also ran ESET. No log resulted.
     
    Last edited by a moderator: 2011/12/22
  20. 2011/12/22
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    I've noticed the machine loads up really slowly on startup. Also, please explain why a lot of these fixes were saved on the desktop.
     
  21. 2011/12/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's so a cleaning tool we'll run in a moment can find all those files.

    Your computer is clean.

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
