[Resolved] No icons, no Start menu, no Safe Mode!


  • This topic is locked
38 replies to this topic

#16 ~Cheryl~

    Authentic Member
    21 posts

Posted 23 October 2009 - 03:34 AM

Right, the word wrap didn't carry over to the attachment, so it's a bit of a mess. Here is the original:


OTL logfile created on: 23/10/2009 10:21:19 - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.48 Mb Total Physical Memory | 170.71 Mb Available Physical Memory | 33.91% Memory free
1.20 Gb Paging File | 0.92 Gb Available in Paging File | 76.80% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 65.38 Gb Free Space | 87.73% Space Free | Partition Type: NTFS
Drive D: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-434ECF3F8
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\taskmgr.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.dll (Hewlett-Packard)

========== Driver Services (SafeList) ==========

DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ialmkchw.sys (Intel Corporation)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (STAC97NA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\stac97na.sys (SigmaTel Inc.)
DRV - (STAC97NH [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\stac97nh.sys (SigmaTel Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\admin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\System32\ATL.DLL (Microsoft Corporation)
MOD - C:\WINDOWS\System32\LINKINFO.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\ntshrui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.live.com...x?wa=wsignin1.0
IE - HKCU\..\URLSearchHook: *{6E6624DD-AB4A-45E9-B9B7-393CB62C45ED} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/01 10:49:40 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MRT] C:\WINDOWS\System32\MRT.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [ms18_word] C:\Documents and Settings\admin\ms18_word.exe File not found
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\explorer.exe: Debugger - C:\Program Files\Microsoft Common\svchost.exe File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/12 17:07:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/10/08 14:33:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/10/08 14:32:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/10/19 16:01:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/08 14:18:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\AVG8
[2009/10/01 10:51:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\HPAppData
[2009/10/15 11:32:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\PCHealth
[3 C:\Documents and Settings\admin\My Documents\*.tmp files]
[2009/10/08 14:32:48 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/10/19 13:40:07 | 00,000,000 | ---D | C] -- C:\Program Files\Backup&Synchronize Pro
[2009/10/20 12:12:04 | 00,000,000 | ---D | C] -- C:\Program Files\backups
[2009/10/23 10:00:43 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2009/10/22 15:20:16 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/10/22 11:35:05 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/22 11:35:05 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/22 11:35:05 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/22 11:35:05 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/22 11:34:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/22 11:33:57 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/19 13:40:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\RD Technologies
[2009/10/19 13:40:09 | 00,587,456 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedZip.dll
[2009/10/19 13:40:09 | 00,413,696 | ---- | C] (Polar info@polarsoftware.com www.polarsoftware.com) -- C:\WINDOWS\System32\PolarCryptoLight.dll
[2009/10/16 10:27:49 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2009/10/15 17:03:02 | 01,396,264 | ---- | C] (Microsoft Corporation) -- C:\WindowsXP-KB948277-x86-ENU.exe
[2009/10/15 12:27:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/10/15 12:13:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/10/08 14:51:04 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/10/08 14:33:47 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/08 14:33:47 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/08 14:33:39 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/08 14:33:38 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/08 14:33:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/10/01 10:48:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2009/10/01 10:31:04 | 00,000,000 | R--D | C] -- C:\Documents and Settings\admin\My Documents\My Music
[2009/10/01 10:26:08 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/10/01 10:25:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/10/01 10:25:29 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/10/01 10:25:28 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/10/01 10:25:28 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/10/01 10:25:27 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/10/01 10:25:27 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/10/01 10:25:27 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/10/01 10:25:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/10/01 10:22:03 | 25,198,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/01 10:18:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\Shoe Pics
[2009/10/01 10:17:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\Signs for shop

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[3 C:\Documents and Settings\admin\My Documents\*.tmp files]
[2009/10/23 10:15:48 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2009/10/23 09:57:42 | 43,629,494 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/23 09:57:42 | 00,048,786 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/23 09:55:10 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/10/23 09:55:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/23 09:55:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/21 16:09:20 | 00,023,932 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Current Sale Stock.docx
[2009/10/21 15:36:18 | 00,565,746 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Autumn Winter Stock.rtf
[2009/10/21 11:46:26 | 03,351,153 | R--- | M] () -- C:\Documents and Settings\admin\Desktop\ComboFix.exe
[2009/10/20 16:55:02 | 00,182,272 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Autumn Winter Stock.doc
[2009/10/20 13:59:45 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\admin\My Documents\~$tumn Winter Stock.doc
[2009/10/20 13:44:42 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\admin\My Documents\~$rrent Sale Stock.docx
[2009/10/20 13:44:36 | 00,042,915 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Sale Stock from 10th March.docx
[2009/10/20 13:41:59 | 00,031,041 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Stock 2009 - Before 20th July.docx
[2009/10/20 13:07:30 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\admin\My Documents\~$TAL SPENDING FOR AUTUMN WINTER 2009.docx
[2009/10/20 12:29:36 | 00,007,396 | ---- | M] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/10/20 12:09:06 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2009/10/19 16:39:14 | 00,102,660 | ---- | M] () -- C:\SystemLook.exe
[2009/10/19 13:40:15 | 00,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Backup&Synchronize.lnk
[2009/10/19 13:28:43 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\admin\My Documents\~$tumn Winter Stock.docx
[2009/10/19 10:45:22 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/17 11:39:02 | 00,011,775 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\summer '10 spending.xlsx
[2009/10/16 13:11:33 | 04,002,939 | ---- | M] () -- C:\Program Files\stock charlie nelson.zip
[2009/10/16 09:56:05 | 00,477,696 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Winter 09-10 STOCK. paco gil.doc
[2009/10/15 12:16:39 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/15 09:52:33 | 00,000,528 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/10/14 17:28:20 | 00,037,569 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Autumn Winter Stock.docx
[2009/10/14 16:48:46 | 00,015,168 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\TOTAL SPENDING FOR AUTUMN WINTER 2009.docx
[2009/10/14 15:59:29 | 00,376,219 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Jersey Now.zip
[2009/10/14 15:58:47 | 00,018,432 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Cash Flow Analysis.xls
[2009/10/14 09:55:20 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2009/10/14 09:55:20 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agp440.sys
[2009/10/12 17:31:03 | 00,015,085 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\tillmanual.docx
[2009/10/12 12:51:52 | 00,016,238 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Sundry Expenses.docx
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/08 23:21:00 | 01,396,264 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB948277-x86-ENU.exe
[2009/10/08 17:05:39 | 03,756,080 | -H-- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\IconCache.db
[2009/10/08 14:33:48 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/10/08 14:33:47 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/08 14:33:47 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/08 14:33:39 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/08 14:33:38 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/08 14:33:11 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/08 14:33:09 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/07 15:46:54 | 00,051,200 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Credi App Filled Out.doc
[2009/10/07 14:34:26 | 00,059,556 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Umbrella Heaven Price List.zip
[2009/10/07 14:22:03 | 00,032,173 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Stock 2009.docx
[2009/10/07 14:21:36 | 00,016,870 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\before sale figures.docx
[2009/10/07 10:32:22 | 00,084,480 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Credit Application Hunter.doc
[2009/10/07 10:19:53 | 00,000,646 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/05 15:59:40 | 00,034,462 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Costs.rtf
[2009/10/02 11:01:58 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/01 13:53:45 | 00,166,630 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Stock 2009.rtf
[2009/09/30 17:22:27 | 00,011,082 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\summerstockúú.xlsx
[2009/09/29 13:22:07 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\admin\My Documents\~$rdi sign.docx
[2009/09/25 13:04:09 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\admin\My Documents\~$ily sales.rtf
[2009/09/24 09:44:06 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\admin\My Documents\~$ndry Expenses.rtf
[2009/09/23 23:02:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files - No Company Name ==========
[2009/10/22 11:35:05 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/22 11:35:05 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/22 11:35:05 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/22 11:35:05 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/21 14:00:05 | 00,565,746 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Autumn Winter Stock.rtf
[2009/10/21 11:46:25 | 03,351,153 | R--- | C] () -- C:\Documents and Settings\admin\Desktop\ComboFix.exe
[2009/10/21 10:43:52 | 43,629,494 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/20 13:59:45 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\admin\My Documents\~$tumn Winter Stock.doc
[2009/10/20 13:59:44 | 00,182,272 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Autumn Winter Stock.doc
[2009/10/20 13:44:42 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\admin\My Documents\~$rrent Sale Stock.docx
[2009/10/20 13:41:21 | 00,031,041 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Stock 2009 - Before 20th July.docx
[2009/10/20 13:07:30 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\admin\My Documents\~$TAL SPENDING FOR AUTUMN WINTER 2009.docx
[2009/10/20 12:29:36 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/10/19 16:39:14 | 00,102,660 | ---- | C] () -- C:\SystemLook.exe
[2009/10/19 13:40:15 | 00,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Backup&Synchronize.lnk
[2009/10/19 13:28:43 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\admin\My Documents\~$tumn Winter Stock.docx
[2009/10/16 13:11:27 | 04,002,939 | ---- | C] () -- C:\Program Files\stock charlie nelson.zip
[2009/10/16 09:56:00 | 00,477,696 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Winter 09-10 STOCK. paco gil.doc
[2009/10/15 09:52:33 | 00,000,528 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/10/14 15:59:26 | 00,376,219 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Jersey Now.zip
[2009/10/14 15:58:44 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Cash Flow Analysis.xls
[2009/10/14 14:07:32 | 00,015,168 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\TOTAL SPENDING FOR AUTUMN WINTER 2009.docx
[2009/10/13 11:20:06 | 00,023,932 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Current Sale Stock.docx
[2009/10/13 11:17:51 | 00,042,915 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Sale Stock from 10th March.docx
[2009/10/12 12:51:00 | 00,016,238 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Sundry Expenses.docx
[2009/10/10 13:11:14 | 00,015,085 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\tillmanual.docx
[2009/10/08 14:33:48 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/10/08 14:33:11 | 00,048,786 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/08 14:33:09 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/08 14:33:05 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/07 15:46:53 | 00,051,200 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Credi App Filled Out.doc
[2009/10/07 14:34:09 | 00,059,556 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Umbrella Heaven Price List.zip
[2009/10/07 14:22:02 | 00,032,173 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Stock 2009.docx
[2009/10/07 14:21:12 | 00,016,870 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\before sale figures.docx
[2009/10/07 14:20:37 | 00,037,569 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Autumn Winter Stock.docx
[2009/10/07 10:32:21 | 00,084,480 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Credit Application Hunter.doc
[2009/10/05 16:28:16 | 00,011,775 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\summer '10 spending.xlsx
[2009/09/30 17:22:27 | 00,011,082 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\summerstockúú.xlsx
[2009/09/29 13:22:07 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\admin\My Documents\~$rdi sign.docx
[2009/09/25 11:35:47 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\admin\My Documents\~$ily sales.rtf
[2009/09/24 09:44:06 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\admin\My Documents\~$ndry Expenses.rtf
[2009/05/08 10:57:46 | 00,025,304 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/05/08 10:39:54 | 00,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/04/30 12:51:47 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/02/12 17:20:55 | 03,756,080 | -H-- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\IconCache.db
[2009/02/12 17:12:35 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\admin\Application Data\desktop.ini
[2009/02/12 16:53:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/02/28 13:00:00 | 00,000,646 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 13:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/02/28 12:56:28 | 01,614,848 | ---- | C] () -- C:\WINDOWS\System32\sfcfiles.dll.bak
[2006/02/28 12:56:28 | 01,614,848 | ---- | C] () -- C:\WINDOWS\System32\sfcfiles.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >



#17 oldman960 (Forum God, Classroom Teacher, 14,755 posts)

Posted 23 October 2009 - 07:17 AM

Hi Cheryl,

Progress.

Back up your registry with ERUNT
  • Download ERUNT from Here and save it to your desktop.
In Task Manager
  • click file
  • click New Task(Run...)
  • copy and paste the following line into the open: field
    "%userprofile%\desktop\erunt-setup.exe"
  • click ok
  • Follow the prompts, and then uncheck Create NTREGOPT desktop icon at the Additional Tasks screen.
  • Click No when you are prompted about creating an ERUNT entry in the startup folder.
  • At the next screen, uncheck Show documentation and check Launch ERUNT
  • At the configuration screen, make sure all 3 checkboxes are checked
  • Click Ok to run the backup process
Wait until the program finishes then please continue.

Next

  • Holding down your left mouse button, highlight all the text in the codebox below.
  • Do not copy the word CODE; please note the script starts with the :
  • right click the highlighted text and choose copy
:filefind
sfcfiles.dll

In Task Manager
  • click file
  • click New Task(Run...)
  • type the following line into the open: field
    C:\Systemlook.exe
  • click ok
SystemLook should appear on your screen.
  • Right click anywhere in the white field and choose paste.
  • the text you copied earlier should appear
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
Please post this log in your next reply.

If you lose the notepad before you can post the contents, you may retrieve it by copying and pasting this command into the Task Manager open box.
%userprofile%\desktop\SystemLook.txt

Hopefully your desktop will reappear after this next step.

  • Holding down your left mouse button, highlight all the text in the codebox below.
  • Do not copy the word CODE; please note the script starts with the :
  • right click the highlighted text and choose copy
:process

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]

:Commands
[purity]
[start explorer]

In Task Manager
  • click file
  • click New Task(Run...)
  • type the following line into the open: field
    "%userprofile%\desktop\otl.exe"
  • click ok

OTL should open.
  • Under the Custom Scans/Fixes box at the bottom, right click and select paste. The text you copied earlier should appear.
  • Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL log and the SystemLook log.

Is your desktop back?

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation.
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.
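The :reg line in the fix above deletes the Image File Execution Options subkey for explorer.exe. An IFEO subkey whose Debugger value is set makes Windows start that program instead of the named image, which is one way the shell can be stopped from loading; the thread does not show what this particular key contained. The script below is an added example (not part of the thread, and not how OTL implements its :reg fix) that audits a Registry Editor export for such entries and emits the matching OTL deletion lines. The .reg text is constructed for the example, the Debugger path in it is a placeholder, and the list of "critical" image names is this example's own choice.

```python
"""Audit a Registry Editor (.reg) export for Image File Execution Options
subkeys that carry a "Debugger" value.  Added example; not from the thread
and not OTL's own code."""
import re
from dataclasses import dataclass
from typing import Dict, List

IFEO_PREFIX = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
               r"\CurrentVersion\Image File Execution Options")

# Programs whose redirection breaks the desktop, logon, or the tools used to
# investigate a machine.  Chosen for this example, not taken from the page.
CRITICAL_IMAGES = {"explorer.exe", "userinit.exe", "winlogon.exe",
                   "taskmgr.exe", "regedit.exe", "msconfig.exe", "cmd.exe"}

# Constructed .reg export.  The explorer.exe subkey mirrors the one the OTL
# fix deletes; its Debugger path is a PLACEHOLDER, not a value from the page.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\\PLACEHOLDER\\unknown.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"DisableExceptionChainValidation"=dword:00000000
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
STR_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key path: {value name: value}}.  String values are unescaped;
    other value types (dword:, hex:) are kept as their raw text."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m["key"]
            keys[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        m = STR_RE.match(line)
        if m:
            keys[current][m["name"]] = m["value"].replace("\\\\", "\\")
        else:
            name, _, value = line.partition("=")
            keys[current][name.strip('"')] = value
    return keys


@dataclass
class Finding:
    image: str      # subkey name, i.e. the executable being redirected
    debugger: str   # program Windows would launch instead of it
    critical: bool  # True when the image is one the desktop or logon depends on


def audit_ifeo(text: str) -> List[Finding]:
    """List every IFEO subkey in the export that has a Debugger value set."""
    prefix = IFEO_PREFIX.lower() + "\\"
    findings: List[Finding] = []
    for key, values in parse_reg(text).items():
        if not key.lower().startswith(prefix):
            continue
        image = key[len(prefix):]
        debugger = next((v for n, v in values.items() if n.lower() == "debugger"), None)
        if debugger is not None:
            findings.append(Finding(image, debugger, image.lower() in CRITICAL_IMAGES))
    return findings


def otl_reg_lines(findings: List[Finding]) -> List[str]:
    """OTL ':reg' lines in the form used in the fix above: '[-key]' deletes the key."""
    return [f"[-{IFEO_PREFIX}\\{f.image}]" for f in findings if f.critical]


if __name__ == "__main__":
    found = audit_ifeo(SAMPLE_REG)
    for f in found:
        print(f"{'CRITICAL' if f.critical else 'review  '} {f.image} -> {f.debugger}")
    print("\n".join(otl_reg_lines(found)))
```

Only the "Your Image File Name Here without a path" and iexplore.exe subkeys in the sample survive the audit untouched: neither sets a Debugger value, so a plain IFEO subkey (for example one that only toggles an exception-handling option) is never reported.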

#18 ~Cheryl~ (Authentic Member, 21 posts)

Posted 23 October 2009 - 07:46 AM

Alrighty, first is the SystemLook log and second is the OTL log. Desktop has not reappeared though.

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 14:33 on 23/10/2009 by admin (Administrator - Elevation successful)

========== filefind ==========

Searching for "sfcfiles.dll"
C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll -----c 1580544 bytes [11:28 21/07/2009] [12:00 28/02/2006] (Unable to calculate MD5)
C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll ------ 1614848 bytes [00:12 14/04/2008] [00:12 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79
C:\WINDOWS\system32\sfcfiles.dll --a--- 1614848 bytes [11:56 28/02/2006] [00:12 14/04/2008] (Unable to calculate MD5)

-=End Of File=-

Error: Unable to interpret <:process> in the current context!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\ deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.0.22.1 log created on 10232009_143914
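The filefind block above lists three copies of sfcfiles.dll: the ServicePackFiles copy has a hash, while the copy in system32 has exactly the same size but could not be hashed. Same size with a missing or different hash is what an in-place patched system file looks like, and it is the comparison the later VirSCAN result confirms. The script below is an added example (not part of the thread, and not SystemLook's own code) that parses that block as posted and flags any system32 copy whose hash is missing or differs from the ServicePackFiles baseline; the md5_of_file helper is there for checking a restored file offline afterwards. The sample values are the ones in the log.

```python
"""Parse a SystemLook 'filefind' block and compare each live copy of a
system file with the Service Pack cache copy.  Added example; it is not
part of the thread and not SystemLook's own code."""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed input: the filefind block from the SystemLook log above,
# with its line breaks restored.  Sizes, dates and the hash are as posted.
SAMPLE_LOG = r"""========== filefind ==========

Searching for "sfcfiles.dll"
C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll -----c 1580544 bytes [11:28 21/07/2009] [12:00 28/02/2006] (Unable to calculate MD5)
C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll ------ 1614848 bytes [00:12 14/04/2008] [00:12 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79
C:\WINDOWS\system32\sfcfiles.dll --a--- 1614848 bytes [11:56 28/02/2006] [00:12 14/04/2008] (Unable to calculate MD5)

-=End Of File=-
"""

# path, six attribute flags, size, [created] [modified], MD5 or the
# "(Unable to calculate MD5)" marker SystemLook prints for locked files.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$"
)


@dataclass
class Entry:
    path: str
    attrs: str
    size: int
    created: str
    modified: str
    md5: Optional[str]  # None when SystemLook reported it could not hash the file


def parse_filefind(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, end-of-file marker
        md5 = m["md5"]
        entries.append(Entry(m["path"], m["attrs"], int(m["size"]), m["created"],
                             m["modified"], None if md5.startswith("(") else md5.upper()))
    return entries


def reference_copy(entries: List[Entry]) -> Optional[Entry]:
    """The ServicePackFiles copy with a computed hash is the baseline."""
    for e in entries:
        if "\\servicepackfiles\\" in e.path.lower() and e.md5:
            return e
    return None


def assess(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) for each system32 copy not provably equal to the baseline."""
    ref = reference_copy(entries)
    if ref is None:
        return [("(none)", "no ServicePackFiles baseline with a hash in this block")]
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if "\\system32\\" not in e.path.lower():
            continue
        if e.md5 is None:
            size_note = ("same size as baseline" if e.size == ref.size
                         else f"size {e.size} vs baseline {ref.size}")
            findings.append((e.path, f"hash could not be computed ({size_note}); hash it offline"))
        elif e.md5 != ref.md5:
            findings.append((e.path, f"hash {e.md5} differs from baseline {ref.md5}"))
    return findings


def md5_of_file(path: str, chunk: int = 1 << 20) -> str:
    """Hash a file on disk, e.g. to confirm a restored copy matches the baseline."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for path, reason in assess(parse_filefind(SAMPLE_LOG)):
        print(f"{path}: {reason}")
```

After a restore such as the one later in this thread, `md5_of_file` on the system32 copy should return the same digest as on the ServicePackFiles copy; a size match alone proves nothing, because a patched file keeps its original length.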

#19 ~Cheryl~ (Authentic Member, 21 posts)

Posted 23 October 2009 - 09:32 AM

OH MY WORD! I just got the desktop back (typed in explorer.exe. Didn't work before but it did this time!) I keep getting a screen telling me that the system has just recovered from an error and I send an error report and it tells me to download the Microsoft Malicious Software Removal tool. I won't do anything until you give me the heads up, just in case! That's just made my whole weekend! Thank you, thank you, thank you!!

#20 oldman960 (Forum God, Classroom Teacher, 14,755 posts)

Posted 23 October 2009 - 06:22 PM

Hi Cheryl,

Good. I thought OTL might be able to start explorer for you after the fix, but you did the right thing.

Don't bother with the Microsoft Malicious Software Removal tool; it may detect our tools.

Let's see what else is going on.

We need some file information
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file paths, one at a time if more than one file is listed, into the "Suspicious files to scan" box at the top of the page:

    C:\WINDOWS\system32\sfcfiles.dll
    C:\WINDOWS\System32\sfcfiles.dll.bak

  • Click on the Upload button
  • Please ensure the scan is complete and the results saved before submitting the next.
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop

Open HijackThis, do a system scan only and checkmark these lines, if present

O4 - HKLM..\Run: [MRT] C:\WINDOWS\System32\MRT.exe

Close ALL other windows/browsers and click Fix Checked. Answer Yes if prompted. Close HJT.

Please post back with
  • VirScan results
  • GMER log

Thanks


#21 ~Cheryl~ (Authentic Member, 21 posts)

Posted 24 October 2009 - 03:23 AM

For some reason I can't scan the first file, it says there is an error. AVG was popping up every time I tried to scan so I changed the settings and it still popped up so I clicked ignore, but it still can't upload the file. I can't paste it to the box, I have to click browse-system32-paste-open, then upload. Seemed to work fine for the second file but not the first.

VirSCAN.org Scanned Report :
Scanned time : 2009/10/24 10:09:25 (BST)
Scanner results: 56% Scanner(s) (20/36) found malware!
File Name : sfcfiles.dll.bak
File Size : 1614848 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : aeb03727a6db90c358b7b0b87cc57b6c
SHA1 : e05db1b6b9991c130bfa8b4d902fa3d563ac716b
Online report : http://virscan.org/r...efc8250bc6.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091024060116 2009-10-24 4.71 Trojan.Win32.Patched!IK
AhnLab V3 2009.10.24.00 2009.10.24 2009-10-24 0.97 -
AntiVir 8.2.1.44 7.1.6.145 2009-10-23 0.11 TR/Dropper.Gen
Antiy 2.0.18 20091023.3055910 2009-10-23 0.22 Trojan/Win32.Patched.fr
Arcavir 2009 200910231251 2009-10-23 0.14 -
Authentium 5.1.1 200910240504 2009-10-24 1.25 W32/Laglass!Generic (Possible)
AVAST! 4.7.4 091023-0 2009-10-23 0.05 Win32:Patched-KP [Trj]
AVG 8.5.288 270.14.28/2454 2009-10-23 0.39 Win32/Patched
BitDefender 7.81008.4452231 7.28522 2009-10-24 3.85 -
ClamAV 0.95.2 9920 2009-10-21 0.00 -
Comodo 3.12 2712 2009-10-24 0.88 TrojWare.Win32.Small.YBE
CP Secure 1.3.0.5 2009.10.24 2009-10-24 0.45 -
Dr.Web 4.44.0.9170 2009.10.24 2009-10-24 5.95 Trojan.Siggen.3043
F-Prot 4.4.4.56 20091023 2009-10-23 1.31 W32/Laglass!Generic
F-Secure 7.02.73807 2009.10.24.02 2009-10-24 0.11 Trojan.Win32.Patched.fr [AVP]
Fortinet 2.81-3.120 10.980 2009-10-24 0.21 W32/Patched.FR!tr
GData 19.8558/19.520 20091024 2009-10-24 5.84 Trojan.Win32.Patched.fr [Engine:A]
ViRobot 20091023 2009.10.23 2009-10-23 0.41 -
Ikarus T3.1.01.72 2009.10.23.74238 2009-10-23 4.17 Trojan.Win32.Patched
JiangMin 11.0.800 2009.10.24 2009-10-24 4.10 Trojan/Patch.b
Kaspersky 5.5.10 2009.10.24 2009-10-24 0.05 Trojan.Win32.Patched.fr
KingSoft 2009.2.5.15 2009.10.23.20 2009-10-23 0.81 -
McAfee 5.3.00 5780 2009-10-23 3.39 Patched-SFCFile
Microsoft 1.5202 2009.10.24 2009-10-24 6.07 -
Norman 6.01.09 6.01.00 2009-10-23 4.01 -
Panda 9.05.01 2009.10.23 2009-10-23 1.88 -
Trend Micro 8.700-1004 6.574.01 2009-10-23 0.03 -
Quick Heal 10.00 2009.10.24 2009-10-24 1.86 -
Rising 20.0 21.52.51.00 2009-10-24 0.93 -
Sophos 3.00.1 4.46 2009-10-24 2.64 Mal/Generic-A
Sunbelt 5466 5466 2009-10-23 1.69 Trojan.Win32.Patched.fr (v)
Symantec 1.3.0.24 20091023.002 2009-10-23 0.08 -
nProtect 20091024.01 5994880 2009-10-24 8.17 -
The Hacker 6.5.0.2 v00051 2009-10-22 0.69 Trojan/Patched.fr
VBA32 3.12.10.11 20091023.1519 2009-10-23 2.15 Trojan.Win32.Patched.fr
VirusBuster 4.5.11.10 10.112.77/2012747 2009-10-24 2.51 -

Edited by ~Cheryl~, 24 October 2009 - 03:29 AM.


#22 ~Cheryl~ (Authentic Member, 21 posts)

Posted 24 October 2009 - 04:17 AM

This is the GMER log. I hope it's okay to have run it without scanning the above file...

Also, the O4 - HKLM..\Run: [MRT] ... file was not present on the HJT log.


GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-24 11:07:58
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\awgoyaod.sys


---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\sfc.SYS The system cannot find the path specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\explorer.exe[896] @ C:\WINDOWS\explorer.exe [KERNEL32.dll!ExitProcess] 00AF32A6
IAT C:\WINDOWS\explorer.exe[896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00AF3129
IAT C:\WINDOWS\explorer.exe[896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00AF31E0
IAT C:\WINDOWS\explorer.exe[896] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 00AF32A6
IAT C:\WINDOWS\explorer.exe[896] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!ExitProcess] 00AF32A6
IAT C:\Program Files\iTunes\iTunesHelper.exe[1264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00D13129
IAT C:\Program Files\iTunes\iTunesHelper.exe[1264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00D131E0
IAT C:\Program Files\iTunes\iTunesHelper.exe[1264] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 00D132A6
IAT C:\Program Files\iTunes\iTunesHelper.exe[1264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!ExitProcess] 00D132A6
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00AB3129
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 003D4440
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2080] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 00AB32A6
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2080] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!ExitProcess] 00AB32A6
IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 018F3129
IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 01534440
IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3496] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 018F32A6
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[4080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00DB3129
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[4080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00DB31E0
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[4080] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!ExitProcess] 00DB32A6
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[4080] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 00DB32A6

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----

Attached File: GMER.txt (5.85KB, 307 downloads)

Edited by ~Cheryl~, 24 October 2009 - 04:19 AM.
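The GMER log above shows the import tables of five unrelated processes (explorer.exe, iTunesHelper.exe, avgnsx.exe, hpqSTE08.exe, HPWuSchd2.exe) rewritten so that LdrLoadDll, LdrGetProcedureAddress and ExitProcess point somewhere else. A defender reading it wants to know whether those redirections point at the same code. The script below is an added example (not part of the thread and not GMER's own code): it parses the IAT lines exactly as posted and groups them by redirected function and the low 16 bits of the target address. Windows maps images on 64 KiB boundaries, so one DLL loaded at a different base in each process keeps the same low 16 bits; a cluster across several processes is therefore consistent with one shared module, though it is a heuristic rather than a verdict (AVG's own components, for instance, legitimately hook processes). Process names and addresses are those in the log.

```python
"""Correlate the 'User IAT/EAT' section of a GMER log across processes.
Added example for this thread; not part of GMER or of the original post."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed input: the twenty IAT lines from the GMER log posted above.
SAMPLE_GMER = r"""
IAT C:\WINDOWS\explorer.exe[896] @ C:\WINDOWS\explorer.exe [KERNEL32.dll!ExitProcess] 00AF32A6
IAT C:\WINDOWS\explorer.exe[896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00AF3129
IAT C:\WINDOWS\explorer.exe[896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00AF31E0
IAT C:\WINDOWS\explorer.exe[896] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 00AF32A6
IAT C:\WINDOWS\explorer.exe[896] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!ExitProcess] 00AF32A6
IAT C:\Program Files\iTunes\iTunesHelper.exe[1264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00D13129
IAT C:\Program Files\iTunes\iTunesHelper.exe[1264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00D131E0
IAT C:\Program Files\iTunes\iTunesHelper.exe[1264] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 00D132A6
IAT C:\Program Files\iTunes\iTunesHelper.exe[1264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!ExitProcess] 00D132A6
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00AB3129
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 003D4440
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2080] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 00AB32A6
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2080] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!ExitProcess] 00AB32A6
IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 018F3129
IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 01534440
IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3496] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 018F32A6
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[4080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00DB3129
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[4080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00DB31E0
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[4080] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!ExitProcess] 00DB32A6
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[4080] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 00DB32A6
"""

# IAT <process>[pid] @ <module whose table was rewritten> [<imported symbol>] <new target>
IAT_RE = re.compile(
    r"^IAT (?P<proc>.+?)\[(?P<pid>\d+)\] @ (?P<mod>.+?) "
    r"\[(?P<sym>[^\]]+)\] (?P<addr>[0-9A-Fa-f]{8})$"
)


@dataclass(frozen=True)
class Hook:
    process: str  # basename[pid], e.g. explorer.exe[896]
    module: str   # module whose import table was rewritten
    symbol: str   # imported function that is redirected
    target: int   # address the import now points at


def parse_iat(text: str) -> List[Hook]:
    hooks: List[Hook] = []
    for line in text.splitlines():
        m = IAT_RE.match(line.strip())
        if m:
            name = m["proc"].rsplit("\\", 1)[-1]
            hooks.append(Hook(f"{name}[{m['pid']}]", m["mod"], m["sym"], int(m["addr"], 16)))
    return hooks


def hooked_processes(hooks: List[Hook]) -> Set[str]:
    return {h.process for h in hooks}


def shared_hook_clusters(hooks: List[Hook], min_processes: int = 2) -> Dict[Tuple[str, int], List[str]]:
    """Group by (redirected symbol, low 16 bits of the target).  Images load on
    64 KiB boundaries, so the same code at a different base in each process
    keeps the same low 16 bits; a cluster suggests one shared module."""
    groups: Dict[Tuple[str, int], Set[str]] = defaultdict(set)
    for h in hooks:
        groups[(h.symbol, h.target & 0xFFFF)].add(h.process)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_processes}


def report(hooks: List[Hook]) -> List[str]:
    lines = [f"{len(hooked_processes(hooks))} process(es) have rewritten imports"]
    for (sym, off), procs in sorted(shared_hook_clusters(hooks).items()):
        lines.append(f"{sym} -> ....{off:04X} in {len(procs)} process(es): {', '.join(procs)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(parse_iat(SAMPLE_GMER))))
```

On the posted log this yields one LdrLoadDll cluster and one ExitProcess cluster covering all five processes, and two separate LdrGetProcedureAddress clusters (three processes at one offset, avgnsx.exe and hpqSTE08.exe at another), which is the kind of split worth noting before deciding what, if anything, the hooks have in common.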


#23 oldman960 (Forum God, Classroom Teacher, 14,755 posts)

Posted 24 October 2009 - 10:25 AM

Hi Cheryl,

I'll have you create a batch file first then continue.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

copy "C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll" "C:\WINDOWS\system32\sfcfiles.dll"

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "fix.bat"
  • Click save
You should now have a file on your desktop with the batch file icon.

Don't do anything with it, it will be used by the next tool.


1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:

Drivers to delete:
sfc

Files to delete:
C:\WINDOWS\System32\Drivers\sfc.SYS
C:\WINDOWS\system32\sfcfiles.dll
C:\WINDOWS\System32\sfcfiles.dll.bak 

Registry keys to replace with dummy:
HKEY_LOCAL_MACHINE\SOFTWARE\Settings

Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SFC 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sfc 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SFC

Programs to launch on reboot:
"%userprofile%\desktop\fix.bat"


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Next
  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a notepad window, OTL.Txt.

Please post back with
  • Avenger2 log
  • OTL log
How's the computer?

Thanks


#24 ~Cheryl~ (Authentic Member, 21 posts)

Posted 26 October 2009 - 04:35 AM

Good Morning oldman (I feel terrible calling you that!!), I hope you had a nice weekend! Thank you for all your hard work, here are the files you asked for:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "sfc" deleted successfully.

Error: file "C:\WINDOWS\System32\Drivers\sfc.SYS" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\sfc.SYS" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\sfcfiles.dll" deleted successfully.

Error: file "C:\WINDOWS\System32\sfcfiles.dll.bak" not found!
Deletion of file "C:\WINDOWS\System32\sfcfiles.dll.bak" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SFC" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sfc" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SFC" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Settings" replaced with dummy successfully.
Program ""C:\Documents and Settings\admin\desktop\fix.bat"" successfully queued to run on reboot.

Completed script processing.

*******************

Finished! Terminate.





OTL logfile created on: 26/10/2009 10:05:33 - Run 2
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\admin\Desktop\whatthetech
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.48 Mb Total Physical Memory | 238.55 Mb Available Physical Memory | 47.38% Memory free
1.20 Gb Paging File | 0.97 Gb Available in Paging File | 80.90% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 65.57 Gb Free Space | 87.99% Space Free | Partition Type: NTFS
Drive D: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-434ECF3F8
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\admin\Desktop\whatthetech\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.dll (Hewlett-Packard)

========== Driver Services (SafeList) ==========

DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ialmkchw.sys (Intel Corporation)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (STAC97NA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\stac97na.sys (SigmaTel Inc.)
DRV - (STAC97NH [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\stac97nh.sys (SigmaTel Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\admin\Desktop\whatthetech\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.live.com...x?wa=wsignin1.0
IE - HKCU\..\URLSearchHook: *{6E6624DD-AB4A-45E9-B9B7-393CB62C45ED} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/01 09:49:40 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [ms18_word] C:\Documents and Settings\admin\ms18_word.exe File not found
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/12 16:07:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/10/08 13:33:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/10/08 13:32:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/10/19 15:01:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/08 13:18:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\AVG8
[2009/10/01 09:51:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\HPAppData
[2009/10/15 10:32:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\PCHealth
[3 C:\Documents and Settings\admin\My Documents\*.tmp files]
[2009/10/08 13:32:48 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/10/19 12:40:07 | 00,000,000 | ---D | C] -- C:\Program Files\Backup&Synchronize Pro
[2009/10/20 11:12:04 | 00,000,000 | ---D | C] -- C:\Program Files\backups
[2009/10/23 13:30:38 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/26 09:50:51 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sfcfiles.dll
[2009/10/26 09:50:16 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/10/24 13:18:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\whatthetech
[2009/10/23 13:54:50 | 00,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\SONYPVU1.SYS
[2009/10/23 13:54:50 | 00,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys
[2009/10/23 13:39:14 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/22 14:20:16 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/10/22 10:35:05 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/22 10:35:05 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/22 10:35:05 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/22 10:35:05 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/22 10:34:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/22 10:33:57 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/19 12:40:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\RD Technologies
[2009/10/19 12:40:09 | 00,587,456 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedZip.dll
[2009/10/19 12:40:09 | 00,413,696 | ---- | C] (Polar info@polarsoftware.com www.polarsoftware.com) -- C:\WINDOWS\System32\PolarCryptoLight.dll
[2009/10/16 09:27:49 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2009/10/15 16:03:02 | 01,396,264 | ---- | C] (Microsoft Corporation) -- C:\WindowsXP-KB948277-x86-ENU.exe
[2009/10/15 11:27:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/10/15 11:13:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/10/08 13:51:04 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/10/08 13:33:47 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/08 13:33:47 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/08 13:33:39 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/08 13:33:38 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/08 13:33:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/10/01 09:48:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2009/10/01 09:31:04 | 00,000,000 | R--D | C] -- C:\Documents and Settings\admin\My Documents\My Music
[2009/10/01 09:26:08 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/10/01 09:25:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/10/01 09:25:29 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/10/01 09:25:28 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/10/01 09:25:28 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/10/01 09:25:27 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/10/01 09:25:27 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/10/01 09:25:27 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/10/01 09:25:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/10/01 09:22:03 | 25,198,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/01 09:18:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\Shoe Pics
[2009/10/01 09:17:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\Signs for shop

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[3 C:\Documents and Settings\admin\My Documents\*.tmp files]
[2009/10/26 09:50:45 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/10/26 09:50:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/26 09:50:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/26 09:48:16 | 04,289,504 | -H-- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\IconCache.db
[2009/10/26 09:44:03 | 00,000,087 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\fix.bat
[2009/10/26 09:41:32 | 44,108,441 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/26 09:41:32 | 00,050,757 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/26 09:39:22 | 00,360,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/26 09:39:22 | 00,314,816 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/26 09:39:22 | 00,040,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/26 09:37:57 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/24 16:27:28 | 00,038,225 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Autumn Winter Stock.docx
[2009/10/24 14:14:29 | 00,022,931 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Sundry Expenses.docx
[2009/10/24 13:19:31 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/23 15:33:40 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Internet Explorer (2).lnk
[2009/10/23 11:45:14 | 00,015,361 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\TOTAL SPENDING FOR AUTUMN WINTER 2009.docx
[2009/10/23 11:37:04 | 00,015,576 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\absolut.jpg
[2009/10/21 15:09:20 | 00,023,932 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Current Sale Stock.docx
[2009/10/21 14:36:18 | 00,565,746 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Autumn Winter Stock.rtf
[2009/10/21 10:46:26 | 03,351,153 | R--- | M] () -- C:\Documents and Settings\admin\Desktop\ComboFix.exe
[2009/10/20 15:55:02 | 00,182,272 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Autumn Winter Stock.doc
[2009/10/20 12:59:45 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\admin\My Documents\~$tumn Winter Stock.doc
[2009/10/20 12:44:42 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\admin\My Documents\~$rrent Sale Stock.docx
[2009/10/20 12:44:36 | 00,042,915 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Sale Stock from 10th March.docx
[2009/10/20 12:41:59 | 00,031,041 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Stock 2009 - Before 20th July.docx
[2009/10/20 12:07:30 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\admin\My Documents\~$TAL SPENDING FOR AUTUMN WINTER 2009.docx
[2009/10/20 11:29:36 | 00,007,396 | ---- | M] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/10/20 11:09:06 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2009/10/19 15:39:14 | 00,102,660 | ---- | M] () -- C:\SystemLook.exe
[2009/10/19 12:28:43 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\admin\My Documents\~$tumn Winter Stock.docx
[2009/10/17 10:39:02 | 00,011,775 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\summer '10 spending.xlsx
[2009/10/16 12:11:33 | 04,002,939 | ---- | M] () -- C:\Program Files\stock charlie nelson.zip
[2009/10/16 08:56:05 | 00,477,696 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Winter 09-10 STOCK. paco gil.doc
[2009/10/15 11:16:39 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/15 08:52:33 | 00,000,528 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/10/14 14:59:29 | 00,376,219 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Jersey Now.zip
[2009/10/14 14:58:47 | 00,018,432 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Cash Flow Analysis.xls
[2009/10/14 08:55:20 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2009/10/14 08:55:20 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agp440.sys
[2009/10/12 16:31:03 | 00,015,085 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\tillmanual.docx
[2009/10/11 07:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/08 22:21:00 | 01,396,264 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB948277-x86-ENU.exe
[2009/10/08 13:33:48 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/10/08 13:33:47 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/08 13:33:47 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/08 13:33:39 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/08 13:33:38 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/08 13:33:11 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/08 13:33:09 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/07 14:46:54 | 00,051,200 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Credi App Filled Out.doc
[2009/10/07 13:34:26 | 00,059,556 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Umbrella Heaven Price List.zip
[2009/10/07 13:22:03 | 00,032,173 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Stock 2009.docx
[2009/10/07 13:21:36 | 00,016,870 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\before sale figures.docx
[2009/10/07 09:32:22 | 00,084,480 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Credit Application Hunter.doc
[2009/10/07 09:19:53 | 00,000,646 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/05 14:59:40 | 00,034,462 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Costs.rtf
[2009/10/02 10:01:58 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/01 12:53:45 | 00,166,630 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Stock 2009.rtf
[2009/09/30 16:22:27 | 00,011,082 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\summerstockúú.xlsx
[2009/09/29 12:22:07 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\admin\My Documents\~$rdi sign.docx

========== Files - No Company Name ==========
[2009/10/26 09:44:03 | 00,000,087 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\fix.bat
[2009/10/23 15:33:40 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Internet Explorer (2).lnk
[2009/10/23 11:37:12 | 00,015,576 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\absolut.jpg
[2009/10/22 10:35:05 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/22 10:35:05 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/22 10:35:05 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/22 10:35:05 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/21 13:00:05 | 00,565,746 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Autumn Winter Stock.rtf
[2009/10/21 10:46:25 | 03,351,153 | R--- | C] () -- C:\Documents and Settings\admin\Desktop\ComboFix.exe
[2009/10/21 09:43:52 | 44,108,441 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/20 12:59:45 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\admin\My Documents\~$tumn Winter Stock.doc
[2009/10/20 12:59:44 | 00,182,272 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Autumn Winter Stock.doc
[2009/10/20 12:44:42 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\admin\My Documents\~$rrent Sale Stock.docx
[2009/10/20 12:41:21 | 00,031,041 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Stock 2009 - Before 20th July.docx
[2009/10/20 12:07:30 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\admin\My Documents\~$TAL SPENDING FOR AUTUMN WINTER 2009.docx
[2009/10/20 11:29:36 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/10/19 15:39:14 | 00,102,660 | ---- | C] () -- C:\SystemLook.exe
[2009/10/19 12:28:43 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\admin\My Documents\~$tumn Winter Stock.docx
[2009/10/16 12:11:27 | 04,002,939 | ---- | C] () -- C:\Program Files\stock charlie nelson.zip
[2009/10/16 08:56:00 | 00,477,696 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Winter 09-10 STOCK. paco gil.doc
[2009/10/15 08:52:33 | 00,000,528 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/10/14 14:59:26 | 00,376,219 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Jersey Now.zip
[2009/10/14 14:58:44 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Cash Flow Analysis.xls
[2009/10/14 13:07:32 | 00,015,361 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\TOTAL SPENDING FOR AUTUMN WINTER 2009.docx
[2009/10/13 10:20:06 | 00,023,932 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Current Sale Stock.docx
[2009/10/13 10:17:51 | 00,042,915 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Sale Stock from 10th March.docx
[2009/10/12 11:51:00 | 00,022,931 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Sundry Expenses.docx
[2009/10/10 12:11:14 | 00,015,085 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\tillmanual.docx
[2009/10/08 13:33:48 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/10/08 13:33:11 | 00,050,757 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/08 13:33:09 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/08 13:33:05 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/07 14:46:53 | 00,051,200 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Credi App Filled Out.doc
[2009/10/07 13:34:09 | 00,059,556 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Umbrella Heaven Price List.zip
[2009/10/07 13:22:02 | 00,032,173 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Stock 2009.docx
[2009/10/07 13:21:12 | 00,016,870 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\before sale figures.docx
[2009/10/07 13:20:37 | 00,038,225 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Autumn Winter Stock.docx
[2009/10/07 09:32:21 | 00,084,480 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Credit Application Hunter.doc
[2009/10/05 15:28:16 | 00,011,775 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\summer '10 spending.xlsx
[2009/09/30 16:22:27 | 00,011,082 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\summerstockúú.xlsx
[2009/09/29 12:22:07 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\admin\My Documents\~$rdi sign.docx
[2009/05/08 09:57:46 | 00,025,304 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/05/08 09:39:54 | 00,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/04/30 11:51:47 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/02/12 16:20:55 | 04,289,504 | -H-- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\IconCache.db
[2009/02/12 16:12:35 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\admin\Application Data\desktop.ini
[2009/02/12 15:53:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/02/28 12:00:00 | 00,000,646 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 12:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2009/10/20 10:58:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\admin\Application Data
[2009/08/07 13:56:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\OfficeUpdate12
[2009/10/22 13:33:23 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/08/29 10:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/08 13:52:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/10/22 13:33:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/23 22:02:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2006/02/28 12:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/26 09:50:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/26 09:50:45 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#25 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 26 October 2009 - 08:14 AM

Hi Cheryl,

Thanks, hope you had a good weekend too.

Let's see how we made out.

We'll use SystemLook again with this script.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield
  • Do not copy the word CODE; please note the script starts with the :
    :filefind
    sfcfiles.*
    
    :file
    C:\WINDOWS\win.ini
    C:\WINDOWS\system.ini
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

We'll see if we can get combofix to run now.

Locate combofix.exe on your desktop, right click it and select delete.

Download a new copy from one of these links.

Link 1
Link 2

Please read through these instructions to familiarize yourself with what to expect when this tool runs

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Please post back with
  • SystemLook log
  • combofix log

How's the computer?

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.
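The script above asks SystemLook to list every copy of sfcfiles.* with its MD5 so the live System32 file can be compared against the reference copy Windows keeps in ServicePackFiles\i386. As an added example (not part of this thread and not SystemLook's own code), the Python below parses that filefind output and performs the comparison; the sample lines are taken from the SystemLook log posted later in this thread, plus one constructed tampered variant.

```python
"""Verify protected-file copies from a SystemLook 'filefind' block.

Added example, not part of the thread and not SystemLook's own code. It
parses the lines SystemLook prints for a search such as "sfcfiles.*" and
compares the live copy under System32 with the reference copy shipped in
ServicePackFiles\\i386. A live copy whose MD5 differs from the reference,
or that could not be hashed at all, is flagged SUSPECT for follow-up.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample input: the sfcfiles.* results from the SystemLook log in this thread.
SAMPLE_LOG = r"""
Searching for "sfcfiles.*"
C:\Avenger\sfcfiles.dll --a--- 1614848 bytes [03:40 24/10/2009] [00:12 14/04/2008] (Unable to calculate MD5)
C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll.000 -----c 1580544 bytes [11:28 21/07/2009] [12:00 28/02/2006] 30A609E00BD1D4FFC49D6B5A432BE7F2
C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll ------ 1614848 bytes [00:12 14/04/2008] [00:12 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79
C:\WINDOWS\system32\sfcfiles.dll --a--- 1614848 bytes [09:50 26/10/2009] [00:12 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79
"""

# Constructed variant (not from the thread): the System32 copy carries a hash
# that matches no reference copy, as it would after a modified DLL was put in place.
TAMPERED_LOG = SAMPLE_LOG.replace(
    "[09:50 26/10/2009] [00:12 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79",
    "[09:50 26/10/2009] [00:12 14/04/2008] 0123456789ABCDEF0123456789ABCDEF",
)

_SEARCH = re.compile(r'^Searching for "(?P<term>.+)"$')
# One result line: path, six attribute flags, size, [modified], [created], MD5 or the
# "(Unable to calculate MD5)" marker SystemLook prints when it cannot read the file.
_HIT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<attrs>[-a-z]{6})\s+"
    r"(?P<size>\d+) bytes\s+"
    r"\[(?P<modified>[^\]]+)\]\s+"
    r"\[(?P<created>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$"
)


@dataclass
class FileHit:
    path: str
    attrs: str
    size: int
    modified: str
    created: str
    md5: Optional[str]  # None when SystemLook could not hash the file


def parse_filefind(text: str) -> Dict[str, List[FileHit]]:
    """Group filefind result lines under the search term that produced them."""
    results: Dict[str, List[FileHit]] = {}
    term: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _SEARCH.match(line)
        if m:
            term = m.group("term")
            results[term] = []
            continue
        m = _HIT.match(line) if term else None
        if m:
            md5 = m.group("md5")
            results[term].append(FileHit(
                path=m.group("path"), attrs=m.group("attrs"),
                size=int(m.group("size")), modified=m.group("modified"),
                created=m.group("created"),
                md5=None if md5.startswith("(") else md5.upper()))
    return results


LIVE_DIR = "\\windows\\system32\\"
REFERENCE_DIR = "\\windows\\servicepackfiles\\i386\\"


def check_protected_file(hits: List[FileHit]) -> List[Tuple[str, str]]:
    """Classify each copy: OK/SUSPECT/NOREF for the live System32 copy, INFO for others."""
    reference = [h for h in hits if REFERENCE_DIR in h.path.lower()]
    report: List[Tuple[str, str]] = []
    for h in hits:
        if LIVE_DIR not in h.path.lower():
            report.append(("INFO", h.path))      # staged or backup copy, listed for awareness
        elif not reference:
            report.append(("NOREF", h.path))     # no ServicePackFiles copy to compare against
        elif h.md5 is None:
            report.append(("SUSPECT", h.path))   # live file could not be hashed
        elif any(r.md5 == h.md5 and r.size == h.size for r in reference):
            report.append(("OK", h.path))        # live copy matches the shipped reference
        else:
            report.append(("SUSPECT", h.path))   # live copy differs from every reference
    return report


if __name__ == "__main__":
    for label, log in (("posted log", SAMPLE_LOG), ("constructed tampered log", TAMPERED_LOG)):
        print(f"== {label} ==")
        for status, path in check_protected_file(parse_filefind(log)["sfcfiles.*"]):
            print(f"{status:8} {path}")
```

The $NtServicePackUninstall$ copy is expected to differ: it is the pre-Service-Pack version kept for rollback, which is why only the ServicePackFiles\i386 copy is used as the reference.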


#26 ~Cheryl~

~Cheryl~

    Authentic Member

  • Authentic Member
  • 21 posts

Posted 26 October 2009 - 08:43 AM

Okay, all ran fine this time. Nearly there!! Here are the two logs:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 14:17 on 26/10/2009 by admin (Administrator - Elevation successful)

========== filefind ==========

Searching for "sfcfiles.*"
C:\Avenger\sfcfiles.dll --a--- 1614848 bytes [03:40 24/10/2009] [00:12 14/04/2008] (Unable to calculate MD5)
C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll.000 -----c 1580544 bytes [11:28 21/07/2009] [12:00 28/02/2006] 30A609E00BD1D4FFC49D6B5A432BE7F2
C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll ------ 1614848 bytes [00:12 14/04/2008] [00:12 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79
C:\WINDOWS\system32\sfcfiles.dll --a--- 1614848 bytes [09:50 26/10/2009] [00:12 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79

========== file ==========

C:\WINDOWS\win.ini - File found and opened.
MD5: B8CF0338F8BE419CBFF66EC8633D2F74
Created at 12:00 on 28/02/2006
Modified at 09:19 on 07/10/2009
Size: 646 bytes
Attributes: --a---
No version information available.

C:\WINDOWS\system.ini - File found and opened.
MD5: A0E02492452D4E237465D99D005D91FD
Created at 12:00 on 28/02/2006
Modified at 15:56 on 12/02/2009
Size: 231 bytes
Attributes: --a---
No version information available.

-=End Of File=-
ComboFix 09-10-25.02 - admin 26/10/2009 14:26.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.503.200 [GMT 0:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\admin\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\Microsoft Common
c:\recycler\S-1-5-21-2466882976-1926694475-781031859-9360
c:\recycler\S-1-5-21-2534861637-6806297438-405554603-2776
c:\recycler\S-1-5-21-2580291106-2192007067-661434243-4722
c:\recycler\S-1-5-21-2605971391-6449839445-580326451-0878
c:\recycler\S-1-5-21-2663342227-6318232893-321970077-3734
c:\recycler\S-1-5-21-2666455232-9413415967-188726282-6704
c:\recycler\S-1-5-21-2683301391-9329066989-462920387-6480
c:\recycler\S-1-5-21-2702864922-8440065146-166587226-9330
c:\recycler\S-1-5-21-2706248912-1245817482-884799644-4250
c:\recycler\S-1-5-21-2722206639-0049686192-111253735-7039
c:\recycler\S-1-5-21-2723464123-6078987504-634664273-6017
c:\recycler\S-1-5-21-2787110797-3919628015-669636409-1698
c:\recycler\S-1-5-21-2814224801-3451650135-623346717-7132
c:\recycler\S-1-5-21-2831424394-4789737621-996706195-2043
c:\recycler\S-1-5-21-2892686716-0409324262-043862857-7740
c:\recycler\S-1-5-21-2894106051-8932526821-938874019-1919
c:\recycler\S-1-5-21-2973627350-5648976419-351909671-3300
c:\recycler\S-1-5-21-2976367091-8502587786-416169509-9714
c:\recycler\S-1-5-21-3020645122-3451345378-403007838-4541
c:\recycler\S-1-5-21-3030722797-5219364221-596101278-0178
c:\recycler\S-1-5-21-3033238583-6499724621-170379029-4527
c:\recycler\S-1-5-21-3036018144-5366765771-814676135-0795
c:\recycler\S-1-5-21-3061887262-4922966057-860404351-7362
c:\recycler\S-1-5-21-3067988620-8730521946-471693362-4540
c:\recycler\S-1-5-21-3074785565-7224457621-148591707-8187
c:\recycler\S-1-5-21-3078405635-0317087617-672140965-5225
c:\recycler\S-1-5-21-3081760089-0062221991-512504021-8712
c:\recycler\S-1-5-21-3105637152-3430771120-018365102-2193
c:\recycler\S-1-5-21-3106890403-8674669328-393332838-7518
c:\recycler\S-1-5-21-3183779017-9860419794-970854278-5194
c:\recycler\S-1-5-21-3297854954-2365940387-555872821-4121
c:\recycler\S-1-5-21-3303125510-7800063687-663514669-0747
c:\recycler\S-1-5-21-3345563685-4368894094-038391743-0218
c:\recycler\S-1-5-21-3375709817-3486898525-866391901-3521
c:\recycler\S-1-5-21-3407653141-0418687996-871842955-5681
c:\recycler\S-1-5-21-3462677477-5849478651-414276902-7193
c:\recycler\S-1-5-21-3467074071-9870486461-542265283-2803
c:\recycler\S-1-5-21-3489695355-2906581039-244502280-1473
c:\recycler\S-1-5-21-3550782769-3873364119-377946386-1738
c:\recycler\S-1-5-21-3566148957-8875614685-163044022-6031
c:\recycler\S-1-5-21-3580956453-8947308244-963721092-9295
c:\recycler\S-1-5-21-3594289454-0030402291-859048578-5092
c:\recycler\S-1-5-21-3603581776-6490813679-127653606-4180
c:\recycler\S-1-5-21-3630570225-1764417859-113910127-0991
c:\recycler\S-1-5-21-3664848086-8077755813-562360320-1324
c:\recycler\S-1-5-21-3671036898-9394302632-170896413-6488
c:\recycler\S-1-5-21-3715171491-4901789539-513877952-8913
c:\recycler\S-1-5-21-3728508664-5090510960-283610282-3975
c:\recycler\S-1-5-21-3730278906-7567419484-615451753-6587
c:\recycler\S-1-5-21-3769887676-5364113738-157157497-4776
c:\recycler\S-1-5-21-3774782192-4764540226-819112536-5831
c:\recycler\S-1-5-21-3780018600-0473315888-139344998-2497
c:\recycler\S-1-5-21-3814123775-6953435766-759979329-8269
c:\recycler\S-1-5-21-3829286542-0171662894-497456492-4196
c:\recycler\S-1-5-21-3889164878-8435970817-776465009-3042
c:\recycler\S-1-5-21-3898666969-1871747613-925603814-7359
c:\recycler\S-1-5-21-3901114983-9176904163-802671684-5106
c:\recycler\S-1-5-21-3913624390-4545329354-491196407-1248
c:\recycler\S-1-5-21-3987679543-0468446132-872382754-6704
c:\recycler\S-1-5-21-3993688575-4608214212-543297866-7433
c:\recycler\S-1-5-21-4012583252-3291695694-960638821-2537
c:\recycler\S-1-5-21-4014606609-1279048305-749683176-5418
c:\recycler\S-1-5-21-4040389869-4846099996-292520498-5363
c:\recycler\S-1-5-21-4084196672-0687545958-184422252-9291
c:\recycler\S-1-5-21-4142779794-2789449447-963667506-0785
c:\recycler\S-1-5-21-4349382869-5304890912-660901771-5419
c:\recycler\S-1-5-21-4375727652-9520238701-387013603-5577
c:\recycler\S-1-5-21-4383508545-7387720620-008646123-0604
c:\recycler\S-1-5-21-4430023686-1443968213-492811615-0387
c:\recycler\S-1-5-21-4464303218-1031542256-633757812-4162
c:\recycler\S-1-5-21-4544455400-2592032824-431804542-3530
c:\recycler\S-1-5-21-4597311015-1871289531-212191766-4000
c:\recycler\S-1-5-21-4629619192-8627979610-212200621-8563
c:\recycler\S-1-5-21-4634414813-2105400219-313585123-3907
c:\recycler\S-1-5-21-4635790473-3189685496-903469040-3422
c:\recycler\S-1-5-21-4719149424-8292395344-313058392-3677
c:\recycler\S-1-5-21-4786281310-4594513483-348870681-1956
c:\recycler\S-1-5-21-4790964128-7423930128-120785635-9472
c:\recycler\S-1-5-21-4809619839-7605921386-400097163-7870
c:\recycler\S-1-5-21-4838334797-2609292282-098342122-7432
c:\recycler\S-1-5-21-4862151061-1171418444-282913738-8819
c:\recycler\S-1-5-21-4948829551-7168213292-668177740-7708
c:\recycler\S-1-5-21-4984527870-5236788546-645647649-0594
c:\recycler\S-1-5-21-5010384838-7111866520-751357916-6419
c:\recycler\S-1-5-21-5010396593-7753053532-693182998-0196
c:\recycler\S-1-5-21-5019141335-4597454428-670377440-1824
c:\recycler\S-1-5-21-5023003812-2162137830-435105848-9482
c:\recycler\S-1-5-21-5059546658-2059239540-960565408-5744
c:\recycler\S-1-5-21-5147096032-9153723308-452613017-2041
c:\recycler\S-1-5-21-5209001313-4512233826-372687022-7114
c:\recycler\S-1-5-21-5232537325-9724642913-352420043-9298
c:\recycler\S-1-5-21-5243185974-1977487563-670864543-9817
c:\recycler\S-1-5-21-5294295848-2830014035-657154815-5324
c:\recycler\S-1-5-21-5299527864-2408580704-623859439-1802
c:\recycler\S-1-5-21-5319711192-8295904931-863632981-6625
c:\recycler\S-1-5-21-5320848384-6484307072-285943378-3934
c:\recycler\S-1-5-21-5339522931-9978979667-969412560-9333
c:\recycler\S-1-5-21-5352617915-2686168305-192036883-5970
c:\recycler\S-1-5-21-5358737485-3634766630-014539228-0638
c:\recycler\S-1-5-21-5374058967-2018190432-641086155-1453
c:\recycler\S-1-5-21-5385037084-7613116330-312911559-2236
c:\recycler\S-1-5-21-5386827492-4594833335-986199324-7619
c:\recycler\S-1-5-21-5413923055-7677418595-587213036-3132
c:\recycler\S-1-5-21-5430432376-4232969410-845699394-5624
c:\recycler\S-1-5-21-5484214690-3922615501-517868257-9228
c:\recycler\S-1-5-21-5568912450-4721953028-070235190-1930
c:\recycler\S-1-5-21-5606893697-7129206685-831962875-3493
c:\recycler\S-1-5-21-5688814371-5910828378-313066505-1180
c:\recycler\S-1-5-21-5728038788-6342087170-302044564-1896
c:\recycler\S-1-5-21-5786093984-8981947493-893062522-2527
c:\recycler\S-1-5-21-5806545042-2819681293-012336040-4887
c:\recycler\S-1-5-21-5807189560-1665139307-109281768-7082
c:\recycler\S-1-5-21-5852741069-2136316060-500492366-7979
c:\recycler\S-1-5-21-5927255554-2706903010-511260803-5818
c:\recycler\S-1-5-21-6016412766-7113537677-887244790-6773
c:\recycler\S-1-5-21-6017972250-7534295013-781775010-0383
c:\recycler\S-1-5-21-6036883848-9969605139-523673448-5530
c:\recycler\S-1-5-21-6131101283-1704130399-682955181-3782
c:\recycler\S-1-5-21-6153688303-5471610558-722717738-8497
c:\recycler\S-1-5-21-6197921317-7874274355-752806152-2161
c:\recycler\S-1-5-21-6211298957-6122596680-550945217-8227
c:\recycler\S-1-5-21-6238534611-3364098549-820705784-3409
c:\recycler\S-1-5-21-6302752974-5922973805-737732532-6069
c:\recycler\S-1-5-21-6343116604-5944647068-137039059-8444
c:\recycler\S-1-5-21-6355027296-3003242123-763477192-2343
c:\recycler\S-1-5-21-6437157886-0643141915-116609966-7845
c:\recycler\S-1-5-21-6494264461-8186704150-630806461-3573
c:\recycler\S-1-5-21-6528815768-1614821903-758986902-1608
c:\recycler\S-1-5-21-6536893213-0125964432-026473131-6272
c:\recycler\S-1-5-21-6543287152-7443364763-266245344-8608
c:\recycler\S-1-5-21-6576602107-8829856846-434484027-4416
c:\recycler\S-1-5-21-6585895909-4251229876-364960674-3791
c:\recycler\S-1-5-21-6590420550-2458320066-696298561-6965
c:\recycler\S-1-5-21-6590902547-5125435462-335398695-8872
c:\recycler\S-1-5-21-6654250030-3908627392-744808111-3859
c:\recycler\S-1-5-21-6735444147-9247520468-940467145-8046
c:\recycler\S-1-5-21-6775072209-4333592876-869583292-5938
c:\recycler\S-1-5-21-6814012218-8420259129-979276620-1279
c:\recycler\S-1-5-21-6818578241-1840932280-547078059-8258
c:\recycler\S-1-5-21-6822896000-9659361157-981611139-8507
c:\recycler\S-1-5-21-6846191931-0728219531-538975596-8294
c:\recycler\S-1-5-21-6846227677-8915162671-917153612-2339
c:\recycler\S-1-5-21-6855795111-4249341031-678659345-8336
c:\recycler\S-1-5-21-6865771097-6961174728-417668064-8155
c:\recycler\S-1-5-21-6890284255-4718263783-850661799-2378
c:\recycler\S-1-5-21-6919316807-8111481933-464954809-3862
c:\recycler\S-1-5-21-6929948789-8742268929-430048849-9420
c:\recycler\S-1-5-21-6953487943-7298098787-882763858-3572
c:\recycler\S-1-5-21-6976181372-6289017859-054194243-1110
c:\recycler\S-1-5-21-7012835668-9805118638-504503340-4833
c:\recycler\S-1-5-21-7039800451-9498372661-643315023-3186
c:\recycler\S-1-5-21-7066510792-3449326578-215598613-4567
c:\recycler\S-1-5-21-7093560469-9301815637-375064909-9027
c:\recycler\S-1-5-21-7160723835-0278431580-167803578-2271
c:\recycler\S-1-5-21-7169908791-3686368752-134822138-1477
c:\recycler\S-1-5-21-7185662956-1838089156-095585996-5431
c:\recycler\S-1-5-21-7256744281-8223960764-675035672-0255
c:\recycler\S-1-5-21-7305430653-1617656207-363855605-9022
c:\recycler\S-1-5-21-7386627329-5522893073-968648418-0702
c:\recycler\S-1-5-21-7428564091-4271226704-009974166-9158
c:\recycler\S-1-5-21-7439110422-2419713662-654705630-6137
c:\recycler\S-1-5-21-7566281033-7575297965-519988424-2067
c:\recycler\S-1-5-21-7588339874-8279820132-747047117-7185
c:\recycler\S-1-5-21-7631830204-0063945594-281308987-4983
c:\recycler\S-1-5-21-7712643394-0094007180-230166153-2237
c:\recycler\S-1-5-21-7749095617-7267686090-228757060-0460
c:\recycler\S-1-5-21-7765911033-4102419183-023848424-7872
c:\recycler\S-1-5-21-7831377353-1919665971-206182662-7377
c:\recycler\S-1-5-21-7883095128-6900921598-325557795-6245
c:\recycler\S-1-5-21-7903447510-1657203299-210585285-2287
c:\recycler\S-1-5-21-7931982548-9818174083-419121010-0405
c:\recycler\S-1-5-21-7982250759-8560510225-643190816-1041
c:\recycler\S-1-5-21-7989351773-0856677262-368786028-0013
c:\recycler\S-1-5-21-8020720493-2449750075-542453956-2667
c:\recycler\S-1-5-21-8045570622-1335047900-070188189-4648
c:\recycler\S-1-5-21-8076643767-4993910290-973061741-7037
c:\recycler\S-1-5-21-8163507481-3804548749-864694436-4406
c:\recycler\S-1-5-21-8172742082-0136149570-749422404-1091
c:\recycler\S-1-5-21-8178859189-3052487880-723804577-8751
c:\recycler\S-1-5-21-8182100235-7517441157-401546683-6553
c:\recycler\S-1-5-21-8190331095-3169790568-848781312-4238
c:\recycler\S-1-5-21-8210653303-4843645056-091113596-7267
c:\recycler\S-1-5-21-8217475347-3648161950-050756690-3476
c:\recycler\S-1-5-21-8272259697-7493158663-703448102-1324
c:\recycler\S-1-5-21-8278690149-7363554540-841727740-8084
c:\recycler\S-1-5-21-8279129531-2634988845-674566028-5434
c:\recycler\S-1-5-21-8303808583-3294594814-487145263-6533
c:\recycler\S-1-5-21-8315799031-1074769189-796922316-8551
c:\recycler\S-1-5-21-8327982307-0915905282-458612988-2538
c:\recycler\S-1-5-21-8333308118-9869540191-898806741-9362
c:\recycler\S-1-5-21-8354299355-4762959030-101486958-6542
c:\recycler\S-1-5-21-8370653805-4155362132-278200710-6958
c:\recycler\S-1-5-21-8450227271-2655985964-525125335-1774
c:\recycler\S-1-5-21-8485960278-0208575699-491902579-1684
c:\recycler\S-1-5-21-8508808487-4596622904-977208414-4104
c:\recycler\S-1-5-21-8525751074-8723510191-506872234-5246
c:\recycler\S-1-5-21-8528822292-0985028764-274035209-8440
c:\recycler\S-1-5-21-8531203845-1432500751-715979330-9299
c:\recycler\S-1-5-21-8562278372-2129822536-202463861-2279
c:\recycler\S-1-5-21-8569399523-0623825946-094078858-0657
c:\recycler\S-1-5-21-8638677036-8711432064-900855479-1238
c:\recycler\S-1-5-21-8652849081-3414400550-536536784-9634
c:\recycler\S-1-5-21-8694239621-4888218078-144270620-4594
c:\recycler\S-1-5-21-8706022598-4584597822-912455316-7189
c:\recycler\S-1-5-21-8778419245-5594709271-969466116-2872
c:\recycler\S-1-5-21-8783822436-8544492185-081937893-9653
c:\recycler\S-1-5-21-8786510986-2078647141-566709840-1626
c:\recycler\S-1-5-21-8835369775-0941989544-816844630-3732
c:\recycler\S-1-5-21-8883031436-4370257376-504555597-0393
c:\recycler\S-1-5-21-8895544369-2308683558-884829649-0978
c:\recycler\S-1-5-21-8902187260-7846401707-004907393-7738
c:\recycler\S-1-5-21-8945679447-2561519324-000416438-1754
c:\recycler\S-1-5-21-8957128486-8156935456-621270725-0209
c:\recycler\S-1-5-21-8968003447-2736731836-641828306-0536
c:\recycler\S-1-5-21-8971730017-1677753737-206228903-7200
c:\recycler\S-1-5-21-9046454329-2280254150-041751760-7276
c:\recycler\S-1-5-21-9072127785-8832459611-666533866-4454
c:\recycler\S-1-5-21-9072277028-8818030438-741296383-7185
c:\recycler\S-1-5-21-9094579646-0081879527-382050397-5209
c:\recycler\S-1-5-21-9107601473-7329189503-776376730-0498
c:\recycler\S-1-5-21-9142115461-3589821039-973367510-0916
c:\recycler\S-1-5-21-9157394401-7281178760-576925057-9983
c:\recycler\S-1-5-21-9184591918-7420568519-018322936-9237
c:\recycler\S-1-5-21-9217599991-1783760328-007383179-3777
c:\recycler\S-1-5-21-9232172432-7733860648-448524629-1771
c:\recycler\S-1-5-21-9287748812-8447622287-565244058-7721
c:\recycler\S-1-5-21-9291473526-0352655225-383212162-8335
c:\recycler\S-1-5-21-9292483787-6437810181-904817877-6908
c:\recycler\S-1-5-21-9297718022-0588627360-627241481-9869
c:\recycler\S-1-5-21-9302113223-2205787836-629591723-7760
c:\recycler\S-1-5-21-9317317390-3604609087-898785459-3663
c:\recycler\S-1-5-21-9322142262-2050021812-449176986-7253
c:\recycler\S-1-5-21-9338906002-6021764919-070081037-7644
c:\recycler\S-1-5-21-9374602112-9600149989-202644167-2975
c:\recycler\S-1-5-21-9422364633-8732886818-699719758-1087
c:\recycler\S-1-5-21-9428783809-5630125539-367612359-3794
c:\recycler\S-1-5-21-9455219688-6007768816-409983400-7494
c:\recycler\S-1-5-21-9462087205-4518377025-331294205-7104
c:\recycler\S-1-5-21-9492705147-0782613565-428482058-1566
c:\recycler\S-1-5-21-9516952615-1349911143-548621456-0429
c:\recycler\S-1-5-21-9519284877-5217283838-370032033-1425
c:\recycler\S-1-5-21-9578927757-9050941057-747440273-3277
c:\recycler\S-1-5-21-9592611183-5964982015-144867910-9117
c:\recycler\S-1-5-21-9593938268-0677744441-566623157-5584
c:\recycler\S-1-5-21-9615850339-6138916320-867091038-5744
c:\recycler\S-1-5-21-9686594546-1514780486-722388312-3046
c:\recycler\S-1-5-21-9687955642-3489101540-264200006-1223
c:\recycler\S-1-5-21-9698544461-6874069211-224540287-4892
c:\recycler\S-1-5-21-9700307826-5413933352-412052927-8725
c:\recycler\S-1-5-21-9703211292-2030864203-629096491-2230
c:\recycler\S-1-5-21-9714894414-8469281988-787933916-2825
c:\recycler\S-1-5-21-9776674019-3747124262-844605754-4654
c:\recycler\S-1-5-21-9813765651-9832932510-507697295-3899
c:\recycler\S-1-5-21-9858718430-7972071611-775672856-0887
c:\recycler\S-1-5-21-9863871227-1929233600-402959362-4515
c:\recycler\S-1-5-21-9977914577-5023170883-030499491-4534
c:\recycler\S-1-5-21-9999972285-0303719615-064305603-8754
c:\windows\system32\AutoRun.inf
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd

.
((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 )))))))))))))))))))))))))))))))
.

2009-10-26 09:50 . 2008-04-14 00:12 1614848 ----a-w- c:\windows\system32\sfcfiles.dll
2009-10-23 13:54 . 2001-08-17 12:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-10-23 13:54 . 2001-08-17 12:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-10-23 13:39 . 2009-10-23 13:39 -------- d-----w- C:\_OTL
2009-10-23 13:30 . 2009-10-23 13:30 -------- d-----w- c:\program files\ERUNT
2009-10-20 11:12 . 2009-10-20 11:12 -------- d-----w- c:\program files\backups
2009-10-19 15:39 . 2009-10-19 15:39 102660 ----a-w- C:\SystemLook.exe
2009-10-19 15:01 . 2009-10-22 13:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-19 15:01 . 2009-10-19 15:01 -------- d-----w- c:\documents and settings\admin\Config.Msi
2009-10-19 12:45 . 2009-10-19 12:55 -------- d-----w- c:\documents and settings\admin\Documents and Settings
2009-10-19 12:45 . 2009-10-19 12:45 -------- d-----w- c:\documents and settings\admin\$AVG8.VAULT$
2009-10-19 12:45 . 2009-10-19 12:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-19 12:40 . 2008-11-21 01:30 587456 ----a-w- c:\windows\system32\XceedZip.dll
2009-10-19 12:40 . 2003-11-03 15:46 413696 ----a-w- c:\windows\system32\PolarCryptoLight.dll
2009-10-19 12:40 . 2009-10-19 15:01 -------- d-----w- c:\program files\Backup&Synchronize Pro
2009-10-16 12:11 . 2009-10-16 12:11 4002939 ----a-w- c:\program files\stock charlie nelson.zip
2009-10-16 09:27 . 2009-10-20 11:09 401720 ----a-w- c:\program files\HijackThis.exe
2009-10-16 08:49 . 2009-10-16 08:49 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-15 16:03 . 2009-10-08 22:21 1396264 ----a-w- C:\WindowsXP-KB948277-x86-ENU.exe
2009-10-15 11:13 . 2009-10-15 12:06 -------- dc-h--w- c:\windows\ie8
2009-10-15 10:32 . 2009-10-15 10:32 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\PCHealth
2009-10-08 13:51 . 2009-10-24 00:34 -------- d-----w- C:\$AVG8.VAULT$
2009-10-08 13:33 . 2009-10-08 13:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-08 13:33 . 2009-10-08 13:33 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-08 13:33 . 2009-10-08 13:33 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-08 13:33 . 2009-10-08 13:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-08 13:33 . 2009-10-26 09:41 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-08 13:33 . 2009-10-08 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-08 13:32 . 2009-10-08 13:32 -------- d-----w- c:\program files\AVG
2009-10-08 13:32 . 2009-10-26 09:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-08 13:18 . 2009-10-08 13:18 -------- d-----w- c:\documents and settings\admin\Application Data\AVG8
2009-10-01 09:51 . 2009-10-16 09:27 -------- d-----w- c:\documents and settings\admin\Application Data\HPAppData
2009-10-01 09:48 . 2009-10-01 09:48 -------- d-----w- c:\windows\Downloaded Installations
2009-10-01 09:34 . 2009-10-01 09:34 -------- d-sh--w- c:\documents and settings\admin\IECompatCache
2009-10-01 09:34 . 2009-10-01 09:34 -------- d-sh--w- c:\documents and settings\admin\PrivacIE
2009-10-01 09:31 . 2009-10-01 09:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-01 09:31 . 2009-10-01 09:31 -------- d-sh--w- c:\documents and settings\admin\IETldCache
2009-10-01 09:26 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-01 09:25 . 2009-10-16 08:51 -------- d-----w- c:\windows\ie8updates
2009-10-01 09:25 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-01 09:25 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-01 09:25 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-01 09:25 . 2009-08-29 08:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-01 09:25 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-01 09:25 . 2009-08-29 08:08 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-20 11:29 . 2009-10-20 11:29 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-10-14 08:55 . 2008-04-13 18:36 42368 ----a-w- c:\windows\system32\drivers\agp440.sys
2009-10-01 09:49 . 2009-05-08 09:51 -------- d-----w- c:\program files\HP
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 10:05 . 2009-08-29 10:05 -------- d-----w- c:\documents and settings\admin\Application Data\Apple Computer
2009-08-29 10:05 . 2009-08-29 10:04 -------- d-----w- c:\program files\iTunes
2009-08-29 10:05 . 2009-08-29 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-29 10:04 . 2009-08-29 10:04 -------- d-----w- c:\program files\iPod
2009-08-29 10:04 . 2009-08-29 10:04 -------- d-----w- c:\program files\Bonjour
2009-08-29 10:04 . 2009-07-21 15:12 -------- d-----w- c:\program files\QuickTime
2009-08-29 10:03 . 2009-08-29 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-29 10:03 . 2009-08-29 10:03 -------- d-----w- c:\program files\Apple Software Update
2009-08-29 10:02 . 2009-08-29 10:02 -------- d-----w- c:\program files\Common Files\Apple
2009-08-29 10:02 . 2009-08-29 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-29 08:08 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2006-02-28 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 08:32 . 2006-02-28 12:00 574976 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-08 15:59 . 2009-05-08 09:57 25304 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 18:24 . 2009-02-12 16:05 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2009-02-12 16:05 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:24 . 2009-02-12 16:05 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 18:24 . 2008-10-16 14:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 18:24 . 2009-02-12 16:05 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 2006-02-28 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2009-02-12 16:05 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2009-02-12 16:05 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 19:44 . 2006-02-28 12:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 10:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-12-13 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-12-13 114688]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-08 13:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/10/2009 13:33 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08/10/2009 13:33 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/10/2009 13:32 297752]
R3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [12/02/2009 16:22 296179]
R3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [12/02/2009 16:22 231983]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-10-26 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-07-18 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.live.com/default.aspx?wa=wsignin1.0
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\documents and settings\admin\Local Settings\Temporary Internet Files\Content.IE5\T5FQ1PTF\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-26 14:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-10-26 14:36
ComboFix-quarantined-files.txt 2009-10-26 14:36

Pre-Run: 70,351,851,520 bytes free
Post-Run: 70,933,954,560 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A479A8E62763F3125D83017CA1D9302D
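A note on the ComboFix listing above, followed by an added example that is not part of this thread and not ComboFix's own code. The security-relevant item in that log is the block of several hundred c:\recycler\S-1-5-21-... folders (together with c:\windows\system32\AutoRun.inf and the random-named file under the systemprofile directory). On XP, RECYCLER holds one folder per user SID that has deleted something, so a workstation normally has a handful of them, not hundreds. Many of the names are also not well-formed SIDs: a string SID writes each sub-authority as an unsigned 32-bit decimal with no leading zeros, and values such as 9999972285 or 0303719615 break that rule. The script below applies those two checks to lines in the ComboFix format; the sample input mixes three lines copied from the log above with one constructed, well-formed SID, and the "only a few RECYCLER folders on a clean box" threshold is this example's assumption, not something ComboFix reports.

```python
"""Flag suspicious c:\\recycler\\<SID> folders in a ComboFix-style listing.

Added example, not part of the thread above and not ComboFix's own code.
Checks each folder name against the canonical string-SID rules: a SID under
S-1-5-21 carries three 32-bit sub-authorities plus a RID, each written as an
unsigned decimal without leading zeros. It also counts the folders, because
an XP workstation normally has only a few of them (one per local profile
that has deleted something); that threshold is an assumption of this example.
"""
import re

MAX_SUBAUTH = 0xFFFFFFFF  # sub-authorities are unsigned 32-bit values

# One "c:\recycler\S-1-5-21-..." entry per line, as ComboFix prints them.
RECYCLER_RE = re.compile(r"^c:\\recycler\\(S-1-5-21(?:-\d+)+)$", re.IGNORECASE)

# Sample input: the first three recycler lines are copied from the log
# above; the fourth is a constructed, well-formed SID for comparison.
SAMPLE = """\
c:\\recycler\\S-1-5-21-0449407286-1342053487-801100589-9087
c:\\recycler\\S-1-5-21-9999972285-0303719615-064305603-8754
c:\\recycler\\S-1-5-21-1264272492-3550463695-819973187-6374
c:\\recycler\\S-1-5-21-1085031214-1801674531-725345543-1004
c:\\windows\\system32\\AutoRun.inf
"""


def sid_problems(sid):
    """Return the reasons a string SID under S-1-5-21 is not canonical ([] if it is)."""
    subs = sid.split("-")[4:]  # drop 'S', revision, authority and the leading '21'
    problems = []
    if len(subs) != 4:
        problems.append(f"expected 3 sub-authorities + RID, got {len(subs)}")
    for s in subs:
        if len(s) > 1 and s.startswith("0"):
            problems.append(f"leading zero in sub-authority {s}")
        if int(s) > MAX_SUBAUTH:
            problems.append(f"sub-authority {s} exceeds 32 bits")
    return problems


def scan(text):
    """Return (recycler folder count, [(sid, problems)] for malformed entries)."""
    count = 0
    findings = []
    for line in text.splitlines():
        m = RECYCLER_RE.match(line.strip())
        if not m:
            continue
        count += 1
        probs = sid_problems(m.group(1))
        if probs:
            findings.append((m.group(1), probs))
    return count, findings


if __name__ == "__main__":
    count, findings = scan(SAMPLE)
    print(f"{count} recycler folders, {len(findings)} with malformed SIDs")
    for sid, probs in findings:
        print(sid)
        for p in probs:
            print("   ", p)
```

Run against the full log this flags most of the entries, but notice that the third copied line passes every structural check: a fake SID that happens to be well-formed cannot be told from a real one by string inspection. On this machine the folder count is therefore the stronger signal, and the string checks only explain why the individual names look wrong.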

#27 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 26 October 2009 - 09:15 AM

Hi Cheryl,

Download and save to your desktop Malwarebytes Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



Please make an uninstall list
  • Start HijackThis
  • Click the Config button
  • Click the Misc Tools button
  • Click the Open Uninstall Manager button.
  • Click the Save list button and save it to your desktop.
When you press Save, a notepad will open with the contents. Copy/paste the contents of the notepad file in your next reply.

Please post back with
  • MBAM log
  • uninstall list

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself


Threads will be closed if no response after 5 days.

#28 ~Cheryl~

~Cheryl~

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 26 October 2009 - 10:31 AM

Thanks, here you go:

Malwarebytes' Anti-Malware 1.41
Database version: 3036
Windows 5.1.2600 Service Pack 3

26/10/2009 16:15:41
mbam-log-2009-10-26 (16-15-41).txt

Scan type: Quick Scan
Objects scanned: 99226
Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\SystemLook.exe (Trojan.Agent) -> Quarantined and deleted successfully.

32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
Backup&Synchronize Pro
Bonjour
ERUNT 1.1j
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
Intel® Extreme Graphics Driver
Intel® PRO Ethernet Adapter and Software
iTunes
Malwarebytes' Anti-Malware
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
QuickTime
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SigmaTel C-Major Audio
Update for 2007 Microsoft Office System (KB967642)
Update for Outlook 2007 Junk Email Filter (kb971933)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Windows Internet Explorer 8
Windows XP Service Pack 3

#29 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 26 October 2009 - 11:25 AM

Hi Cheryl,

Double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:OTL
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: *{6E6624DD-AB4A-45E9-B9B7-393CB62C45ED} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

:Services

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Settings]

:Files

:Commands
[start explorer]
[Reboot]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.

Go here to run an online scanner from:
ESET

(Note: You must use Internet Explorer for this scan.)


*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. We will need this later.

Please post back with
  • OTL fix log
  • ESET log
  • new OTL log

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.
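An added example, not code from this thread, from OldTimer's OTL or from the forum: a small Python auditor that parses an OTL fix script like the one above into its sections and lists what each line will do, so whoever runs it can see the high-impact parts (stopping Explorer.EXE, deleting a key under HKEY_LOCAL_MACHINE) before clicking Run Fix. The meaning assigned to each kind of line is an assumption drawn from the fix above and general OTL usage, since the post only shows the lines; the sample script is the fix posted above, reproduced verbatim.

```python
"""Audit an OTL fix script before it is run.

Added example for this thread, not OldTimer's own code. The meaning it assigns
to each line is an assumption taken from the fix posted above plus general OTL
usage: ':Name' starts a section; in :Reg '[-KEY]' deletes a key, '[KEY]' creates
one and '"name"=-' deletes a value; :Files lines are files to be moved out;
:Services lines are services to stop and remove; :Commands lines are post-fix
actions such as [reboot].
"""
import re

# Constructed sample: the fix script from the post above, unchanged.
SAMPLE_FIX = r""":OTL
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: *{6E6624DD-AB4A-45E9-B9B7-393CB62C45ED} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

:Services

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Settings]

:Files

:Commands
[start explorer]
[Reboot]
"""

REG_DELETE_KEY = re.compile(r"^\[-(.+)\]$")
REG_CREATE_KEY = re.compile(r"^\[([^-].*)\]$")
REG_DELETE_VALUE = re.compile(r'^"(.+)"=-$')
COMMAND = re.compile(r"^\[(.+)\]$")
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)


def parse_fix(text):
    """Split a fix script into {section: [non-blank lines]} keyed by lower-case name."""
    sections, current = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].strip().lower()
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def audit_fix(sections):
    """Return one finding per action line: what the fix will do and how risky it is."""
    findings = []

    def add(section, action, target, risk):
        findings.append({"section": section, "action": action, "target": target, "risk": risk})

    for line in sections.get("otl", []):
        kind, _, rest = line.partition(" - ")
        if kind == "PRC":
            # 'PRC - <path> (<company>)': the process is stopped. A Windows system
            # binary here needs a matching restart command, so it is flagged high.
            path = rest.rsplit(" (", 1)[0]
            add("otl", "stop process", path, "high" if SYSTEM_DIR.match(path) else "medium")
        elif kind == "IE" and "File not found" in rest:
            # Orphaned IE hook: the registry entry points at nothing; removal is cleanup.
            add("otl", "remove orphaned IE entry", rest.split(" - ")[0], "low")
        else:
            add("otl", "remove item", line, "medium")

    for line in sections.get("services", []):
        add("services", "stop and remove service", line, "high")

    for line in sections.get("reg", []):
        m = REG_DELETE_KEY.match(line)
        if m:
            key = m.group(1)
            risk = "high" if key.upper().startswith(("HKEY_LOCAL_MACHINE", "HKLM")) else "medium"
            add("reg", "delete key", key, risk)
            continue
        m = REG_DELETE_VALUE.match(line)
        if m:
            add("reg", "delete value", m.group(1), "medium")
            continue
        m = REG_CREATE_KEY.match(line)
        if m:
            add("reg", "create key", m.group(1), "low")
            continue
        add("reg", "set value", line, "medium")

    for line in sections.get("files", []):
        add("files", "move file out", line, "high" if SYSTEM_DIR.match(line) else "medium")

    for line in sections.get("commands", []):
        m = COMMAND.match(line)
        add("commands", "run command", (m.group(1) if m else line).lower(), "info")

    return findings


def explorer_restart_is_paired(sections):
    """True when Explorer is stopped in :OTL and [start explorer] brings it back."""
    found = audit_fix(sections)
    stops = any(f["action"] == "stop process" and f["target"].lower().endswith("\\explorer.exe")
                for f in found)
    restarts = any(f["action"] == "run command" and f["target"] == "start explorer" for f in found)
    return stops and restarts


def risk_summary(findings):
    """Count findings per risk level, e.g. {'high': 2, 'low': 2, 'info': 2}."""
    summary = {}
    for f in findings:
        summary[f["risk"]] = summary.get(f["risk"], 0) + 1
    return summary


if __name__ == "__main__":
    found = audit_fix(parse_fix(SAMPLE_FIX))
    for f in found:
        print(f"[{f['risk']:6}] {f['section']:8} {f['action']:26} {f['target']}")
    print(risk_summary(found))
```

Run on the script above, the auditor reports two high-impact actions (the Explorer stop and the HKLM key deletion), two low-risk orphan cleanups and two informational commands, and confirms that the Explorer stop is paired with a [start explorer] command; a script that stopped Explorer without restarting it would fail that check.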

#30 ~Cheryl~

~Cheryl~

    Authentic Member

  • Authentic Member
  • 21 posts

Posted 27 October 2009 - 09:04 AM

I don't seem to be receiving a log after running the OTL fix. I have done it twice and it says it has to restart (as soon as I click fix) so it restarts and that's it, nothing else happens before or after the computer restarts. Can I go ahead with the scan?
