[Resolved] .exe files not running.


  • This topic is locked
38 replies to this topic

#16 KateetaK

    Authentic Member
  • 41 posts

Posted 25 November 2009 - 01:09 AM

My scan only gets to 8.4% and does not progress. :\ I think something is really wrong with my computer.



#17 SweetTech

    MalwareTeam Emeritus
  • 3,368 posts

Posted 25 November 2009 - 12:16 PM

Hello,
Sorry for the delay.

Please refrain from downloading and/or running any programs unless I specifically direct you to do so.

I need you to look for a log.

Please:
  • Right click on START on the left end of your Windows toolbar (lower left corner of your screen)
  • Click on Explore
  • Click on Local Disk (C:) in the left-hand window pane
  • Look for ComboFix.txt in the right-hand window pane and right click on it
  • Put your cursor (arrow) on Open With
  • Move your cursor to the new menu that opens and click on Choose Program...
  • Click on Notepad

When the file opens, copy/paste the text here.

Try to run ComboFix in Safe Mode.
To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, tap the F8 KEY repeatedly; this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5
    %SYSTEMDRIVE%\nvatabus.sys /s /md5
    %SYSTEMDRIVE%\viamraid.sys /s /md5
    %SYSTEMDRIVE%\nvata.sys /s /md5
    %SYSTEMDRIVE%\nvgts.sys /s /md5
    %SYSTEMDRIVE%\iastorv.sys /s /md5
    %SYSTEMDRIVE%\ViPrt.sys /s /md5
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.
Please make sure you include the following items in your next post:
1. The log that was produced after running ComboFix in safe mode.
2. The log that was produced after running OTL.
3. An update on how your computer is running.



#18 KateetaK

    Authentic Member
  • 41 posts

Posted 25 November 2009 - 01:52 PM

There is no ComboFix.txt there. Hmm. I am going away for a couple days for Thanksgiving, but I would like to keep this topic open.

#19 SweetTech

    MalwareTeam Emeritus
  • 3,368 posts

Posted 25 November 2009 - 02:07 PM

I will make sure that your thread doesn't get closed. I appreciate you letting me know that you will be away for a couple of days.

Let's continue:

Try to run ComboFix in Safe Mode.

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, tap the F8 KEY repeatedly; this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account


NEXT



Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5
    %SYSTEMDRIVE%\nvatabus.sys /s /md5
    %SYSTEMDRIVE%\viamraid.sys /s /md5
    %SYSTEMDRIVE%\nvata.sys /s /md5
    %SYSTEMDRIVE%\nvgts.sys /s /md5
    %SYSTEMDRIVE%\iastorv.sys /s /md5
    %SYSTEMDRIVE%\ViPrt.sys /s /md5
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.



Please make sure you include the following items in your next post:


1. The log that was produced after running ComboFix in safe mode.
2. The logs that were produced after running OTL.
3. An update on how your computer is running.

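As an added example (not code from the thread, from OTL or from its author), this is what the `%SYSTEMDRIVE%\<file> /s /md5` lines in the custom scan above ask for: search the drive recursively for each named system file, hash every copy, and report names whose copies do not all match. The directory tree and file contents are constructed for the demo; the watched names are taken from the scan list.

```python
"""Recursive search plus per-copy MD5 for a list of system file names,
mirroring OTL's '/s /md5' custom-scan switches. Runs offline on a
constructed temporary tree."""
import hashlib
import os
import tempfile
from collections import defaultdict

# File names taken from the custom scan list in the post (compared case-insensitively).
WATCHED = {n.lower() for n in [
    "eventlog.dll", "scecli.dll", "netlogon.dll", "atapi.sys", "iaStor.sys", "nvstor.sys",
]}


def md5_of(path, chunk=65536):
    """MD5 of a file, read in chunks. MD5 is used only because that is what the
    tool reports; the comparison below only needs copies to agree or disagree."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_copies(root, names=WATCHED):
    """Walk root recursively (the '/s' switch) and return {name: {path: md5}}
    for every file whose name is in names (the '/md5' switch)."""
    found = defaultdict(dict)
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in names:
                p = os.path.join(dirpath, fn)
                found[fn.lower()][p] = md5_of(p)
    return found


def inconsistent_copies(found):
    """Names with more than one distinct hash across their copies. A live
    driver whose hash differs from the backup copies on the same drive is the
    kind of entry a helper reads first in the OTL output."""
    return sorted(n for n, copies in found.items() if len(set(copies.values())) > 1)


def build_sample_tree():
    """Constructed sample tree: two identical copies of scecli.dll and two
    copies of atapi.sys that differ. Contents are placeholders, not real drivers."""
    root = tempfile.mkdtemp(prefix="otl_demo_")
    layout = {
        "Windows/System32/scecli.dll": b"SCECLI-ORIGINAL",
        "Windows/winsxs/backup/scecli.dll": b"SCECLI-ORIGINAL",
        "Windows/System32/drivers/atapi.sys": b"ATAPI-MODIFIED",
        "Windows/winsxs/backup/atapi.sys": b"ATAPI-ORIGINAL",
    }
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


def demo():
    """Build the sample tree, scan it, and return the names whose copies disagree."""
    return inconsistent_copies(scan_copies(build_sample_tree()))


if __name__ == "__main__":
    for name in demo():
        print("copies of", name, "do not match")
```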


#20 KateetaK

    Authentic Member
  • 41 posts

Posted 27 November 2009 - 05:43 PM

I tried to run ComboFix in Safe Mode, but it said on the blue screen, "Access Denied. Need Administrator privileges" or something similar. This was even after I ran it as administrator. Then I let it run anyway and it said attempting to create a restore point for literally 3 hours while I took a nap. I tried it in Normal mode, and it didn't say access denied, but it did say attempting to create restore point for a very long time then went nowhere.

I wasn't sure if you wanted me to run OTL in normal or safe mode, so I ran it in normal mode. It only gave me one log, not two. There was no Extras.txt. Let me know what I am doing wrong here and what I need to do differently. Here is OTL.txt:

OTL logfile created on: 11/27/2009 6:18:00 PM - Run 2
OTL by OldTimer - Version 3.1.11.0 Folder = C:\Users\HP_Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.82 Mb Total Physical Memory | 333.36 Mb Available Physical Memory | 34.80% Memory free
2.31 Gb Paging File | 1.54 Gb Available in Paging File | 66.54% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.03 Gb Total Space | 118.20 Gb Free Space | 52.76% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 0.55 Gb Free Space | 6.27% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\ComboFix.com\CF30971.cfxxe ()
PRC - C:\Users\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Users\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvamacpi) -- C:\Windows\system32\DRIVERS\NVAMACPI.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (LMouKE) -- C:\Windows\System32\drivers\LMouKE.Sys (Logitech Inc.)
DRV - (L8042mou) -- C:\Windows\System32\drivers\L8042mou.Sys (Logitech Inc.)
DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (MCSTRM) -- C:\Windows\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant)
DRV - (nvnetbus) -- C:\Windows\System32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>;*.local

========== FireFox ==========



FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/24 02:09:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/05 00:58:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/25 00:35:32 | 00,000,000 | ---D | M]

[2009/01/31 05:16:53 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Extensions
[2009/01/31 05:16:53 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2008/04/01 12:58:04 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8640yv7j.default\extensions
[2008/12/04 18:24:24 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions
[2008/12/04 18:24:24 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions\{044FA143-992A-435f-95A5-39E25470F8F0}
[2008/12/04 18:24:24 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2008/12/04 18:24:24 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions\{1AF3FC34-0725-4485-A939-6B40EB7CA96A}
[2008/12/04 18:24:24 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2008/12/04 18:24:24 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2008/12/04 18:24:24 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions\{4a428302-5267-4749-bb22-459b3236695f}
[2008/12/04 18:24:24 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2008/12/04 18:24:25 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008/12/04 18:24:24 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions\en-US@dictionaries.addons.mozilla.org
[2008/12/04 18:24:24 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions\readeroo@monsur.com
[2009/11/16 14:19:56 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nbt2co4w.default\extensions
[2008/12/04 18:24:26 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nbt2co4w.default\extensions\{04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0}
[2008/12/04 21:05:49 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nbt2co4w.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
[2009/10/24 12:19:37 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nbt2co4w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/12 18:31:04 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nbt2co4w.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2008/12/04 20:56:58 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nbt2co4w.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2009/11/12 18:29:52 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nbt2co4w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/01/03 14:33:31 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nbt2co4w.default\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}
[2009/11/12 18:31:04 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nbt2co4w.default\extensions\en-US@dictionaries.addons.mozilla.org
[2008/12/08 19:35:44 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nbt2co4w.default\extensions\glasser@sixxgate.com
[2009/11/17 11:02:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/06 00:30:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/11/27 18:11:30 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2008/08/06 15:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/07/07 16:20:42 | 00,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
[2009/07/07 16:20:42 | 00,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
[2005/08/09 13:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2007/05/16 07:22:00 | 00,151,300 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\Windows\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\HP_Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: 16 range(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...IOS/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1166889208718 (Reg Error: Key error.)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/12/09 10:19:51 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2009/11/27 18:16:31 | 00,000,000 | --SD | C] -- C:\ComboFix.com
[2009/11/27 18:15:48 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/11/27 14:58:12 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/11/27 14:58:12 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/11/27 14:58:12 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/11/27 14:58:12 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/11/27 14:58:03 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/27 14:38:37 | 00,532,992 | ---- | C] (OldTimer Tools) -- C:\Users\HP_Administrator\Desktop\OTL.exe
[2009/11/25 12:47:37 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/11/25 11:58:26 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/11/25 01:21:17 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/11/24 23:56:07 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2009/11/24 23:56:07 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/11/24 23:56:06 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009/11/24 23:56:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009/11/24 23:56:02 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/11/23 19:53:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/11/17 11:01:54 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/11/17 11:01:54 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/11/17 11:01:54 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/11/12 18:32:13 | 00,000,000 | ---D | C] -- C:\Users\HP_Administrator\AppData\Roaming\QuickScan
[2009/11/10 16:02:15 | 02,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/11/10 16:01:42 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/11/04 10:04:17 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/10/30 13:59:00 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/10/30 08:21:00 | 00,000,000 | ---D | C] -- C:\Users\HP_Administrator\Desktop\Downloads
[2009/10/30 08:20:59 | 00,000,000 | ---D | C] -- C:\Users\HP_Administrator\AppData\Roaming\GetRightToGo
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/27 18:17:42 | 02,621,440 | -HS- | M] () -- C:\Users\HP_Administrator\NTUSER.DAT
[2009/11/27 18:04:23 | 00,120,096 | ---- | M] () -- C:\Users\HP_Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/27 18:04:06 | 00,002,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/27 18:04:06 | 00,002,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/27 18:04:00 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/27 18:03:57 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/27 18:03:52 | 10,050,84672 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/27 18:03:13 | 00,524,288 | -HS- | M] () -- C:\Users\HP_Administrator\NTUSER.DAT{96040ee2-c049-11de-8085-0018f39438e3}.TMContainer00000000000000000001.regtrans-ms
[2009/11/27 18:03:13 | 00,065,536 | -HS- | M] () -- C:\Users\HP_Administrator\NTUSER.DAT{96040ee2-c049-11de-8085-0018f39438e3}.TM.blf
[2009/11/27 15:01:02 | 00,414,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/27 14:38:43 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Users\HP_Administrator\Desktop\OTL.exe
[2009/11/27 14:33:55 | 03,577,870 | R--- | M] () -- C:\Users\HP_Administrator\Desktop\ComboFix.com.exe
[2009/11/24 23:56:29 | 00,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/11/24 23:52:14 | 30,909,992 | ---- | M] () -- C:\Users\HP_Administrator\Desktop\avira_antivir_personal_en.exe
[2009/11/24 23:21:29 | 00,001,162 | ---- | M] () -- C:\Users\HP_Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2009/11/24 23:06:56 | 00,291,840 | ---- | M] () -- C:\Users\HP_Administrator\Desktop\explorer.exe
[2009/11/23 21:20:58 | 00,047,616 | ---- | M] () -- C:\Users\HP_Administrator\Desktop\Win32kDiag.exe
[2009/11/19 06:41:27 | 00,016,896 | ---- | M] () -- C:\Users\HP_Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/16 14:16:54 | 00,001,673 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2009/11/15 21:17:04 | 00,725,208 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/15 21:17:04 | 00,618,842 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/15 21:17:04 | 00,110,906 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/14 10:35:09 | 00,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe
[2009/11/09 22:53:28 | 00,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/10/29 04:17:42 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/27 18:03:52 | 10,050,84672 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/27 14:58:12 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/11/27 14:58:12 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/11/27 14:58:12 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/11/24 23:56:29 | 00,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/11/24 23:47:56 | 30,909,992 | ---- | C] () -- C:\Users\HP_Administrator\Desktop\avira_antivir_personal_en.exe
[2009/11/24 23:27:17 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
[2009/11/24 23:27:17 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/11/24 23:21:29 | 00,001,162 | ---- | C] () -- C:\Users\HP_Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2009/11/24 23:16:17 | 03,577,870 | R--- | C] () -- C:\Users\HP_Administrator\Desktop\ComboFix.com.exe
[2009/11/24 16:14:22 | 00,291,840 | ---- | C] () -- C:\Users\HP_Administrator\Desktop\explorer.exe
[2009/11/23 21:52:59 | 00,047,616 | ---- | C] () -- C:\Users\HP_Administrator\Desktop\Win32kDiag.exe
[2009/11/16 14:16:54 | 00,001,673 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2009/10/27 22:21:47 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/27 22:19:08 | 00,000,680 | ---- | C] () -- C:\Users\HP_Administrator\AppData\Local\d3d9caps.dat
[2009/10/24 19:06:39 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/23 22:05:20 | 00,000,760 | ---- | C] () -- C:\Users\HP_Administrator\AppData\Roaming\setup_ldm.iss
[2008/12/04 22:54:32 | 00,016,896 | ---- | C] () -- C:\Users\HP_Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/18 16:32:54 | 00,000,022 | ---- | C] () -- C:\Windows\kodakpcd.ini
[2008/10/19 17:40:29 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/04 16:18:40 | 00,000,894 | ---- | C] () -- C:\Users\HP_Administrator\AppData\Roaming\wklnhst.dat
[2008/04/02 12:19:01 | 00,000,277 | ---- | C] () -- C:\Windows\maketorrent.ini
[2007/09/25 20:34:54 | 00,000,033 | ---- | C] () -- C:\Windows\LVMMail.INI
[2007/06/21 20:48:25 | 00,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2007/05/10 09:30:01 | 00,000,241 | ---- | C] () -- C:\Windows\QSync.INI
[2007/05/10 09:26:45 | 00,000,780 | ---- | C] () -- C:\Windows\_delis32.ini
[2007/04/21 00:12:52 | 00,360,448 | ---- | C] () -- C:\Windows\lame_enc.dll
[2007/04/17 06:02:39 | 00,000,391 | ---- | C] () -- C:\Windows\COVERE~1.INI
[2007/04/16 21:47:24 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/02/07 18:45:12 | 00,000,031 | ---- | C] () -- C:\Windows\MCDB.ini
[2007/02/05 22:19:40 | 00,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2007/02/05 17:56:17 | 00,065,536 | ---- | C] () -- C:\Windows\System32\YCRWin32.dll
[2007/02/05 17:38:29 | 00,006,048 | ---- | C] () -- C:\Windows\System32\MCC16.dll
[2007/01/28 02:25:27 | 00,000,532 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2006/12/12 11:24:42 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/06 14:35:26 | 00,057,344 | ---- | C] () -- C:\Windows\System32\nicmgr.dll
[2006/08/16 13:47:38 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/07/31 22:09:54 | 00,000,061 | ---- | C] () -- C:\Windows\smscfg.ini
[2006/07/31 21:43:50 | 00,028,848 | ---- | C] () -- C:\Windows\System32\drivers\USBkey.sys
[2006/07/31 21:36:06 | 00,014,317 | ---- | C] () -- C:\Windows\System32\CHODDI.SYS
[2006/07/31 21:35:49 | 00,045,056 | ---- | C] () -- C:\Windows\System32\hpreg.dll
[2006/07/31 21:32:28 | 00,000,202 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2006/07/31 21:20:08 | 00,000,056 | ---- | C] () -- C:\Windows\wininit.ini
[2006/07/31 21:19:27 | 00,000,698 | ---- | C] () -- C:\Windows\NSSetDefaultBrowser.ini
[2006/07/31 21:09:56 | 01,703,936 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2006/07/31 21:09:56 | 01,019,904 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2006/07/31 21:09:56 | 00,466,944 | ---- | C] () -- C:\Windows\System32\nvshell.dll
[2006/07/31 21:09:55 | 01,474,560 | ---- | C] () -- C:\Windows\System32\nview.dll
[2006/07/31 21:09:55 | 00,573,440 | ---- | C] () -- C:\Windows\System32\nvhwvid.dll
[2006/07/31 21:08:29 | 00,000,753 | ---- | C] () -- C:\Windows\orun32.ini
[2006/07/31 20:47:06 | 00,323,584 | ---- | C] () -- C:\Windows\System32\pythoncom22.dll
[2006/07/31 20:47:06 | 00,094,208 | ---- | C] () -- C:\Windows\System32\pywintypes22.dll
[2006/07/31 20:46:46 | 00,016,896 | ---- | C] () -- C:\Windows\System32\bcbmm.dll
[2006/02/19 12:28:56 | 00,012,288 | ---- | C] () -- C:\Windows\Fonts\RandFont.dll
[2005/07/15 13:35:56 | 00,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/07/15 13:35:56 | 00,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2005/07/15 13:35:24 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2004/09/16 22:24:26 | 03,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2004/07/26 09:51:38 | 00,000,560 | ---- | C] () -- C:\Windows\System32\oeminfo.ini
[1999/01/27 12:39:06 | 00,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1997/06/13 06:56:08 | 00,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/03/01 16:30:12 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration RunOnce Task.job
[2006/11/02 08:09:53 | 00,000,484 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >
[2005/10/31 10:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2006/11/02 04:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2006/11/02 04:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2005/06/17 08:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\$WINDOWS.~Q\DATA\WINDOWS\system32\drivers\iaStor.sys
[2005/06/17 08:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/17 08:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\Windows\System32\drivers\iaStor.sys
[2005/06/17 08:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_91b96e38\iaStor.sys

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2008/12/05 01:44:27 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/12/05 01:44:27 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/12/05 01:44:26 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

< %SYSTEMDRIVE%\nvgts.sys /s /md5 >

< %SYSTEMDRIVE%\iastorv.sys /s /md5 >
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
[2008/01/19 02:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

< %SYSTEMDRIVE%\ViPrt.sys /s /md5 >

========== Files - Unicode (All) ==========
[2008/12/04 18:24:37 | 00,000,000 | ---D | M](C:\Users\HP_Administrator\AppData\Roaming\???????sAppData) -- C:\Users\HP_Administrator\AppData\Roaming\敎潲䍄敔灭慬整sAppData
[2008/12/04 18:24:37 | 00,000,000 | ---D | M](C:\Users\HP_Administrator\AppData\Roaming\???????sAppData) -- C:\Users\HP_Administrator\AppData\Roaming\敎潲䍄敔灭慬整sAppData
(C:\Users\HP_Administrator\AppData\Roaming\???????sAppData) -- C:\Users\HP_Administrator\AppData\Roaming\敎潲䍄敔灭慬整sAppData
< End of report >

#21 SweetTech (MalwareTeam Emeritus, 3,368 posts)

Posted 28 November 2009 - 12:59 AM

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has completed, select the Scanner tab.
  • Select Perform full scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Kaspersky Online Scanner
I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
The scan below can take up to an hour or longer, so please be patient.

Note:
It is recommended to disable your on-board Anti-Virus program and Anti-Spyware programs while performing scans, so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished, remember to re-enable resident Anti-Virus protection along with whatever Anti-Spyware app you use.

Please do a scan with Kaspersky Online Scanner or from Here.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run. (At times it may appear to stall.)
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Once the scan is complete, click on View scan report.
To obtain the report:
  • Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop
  • In the File name area, use KScan, or something similar
  • In Save as type, click the drop arrow and select: Text file [*.txt]
  • Then, click: Save
  • Please post the Kaspersky Online Scanner Report in your reply.
Please make sure you include the following items in your next post:
1. The log that was produced after running MalwareBytes' Anti-Malware
2. The log that was produced after running the Kaspersky Online Scan.
3. An update on the status of your computer.

Posted Image
 

Proud Graduate of the WTT Classroom
 
Posted Image


#22 KateetaK (Authentic Member, 41 posts)

Posted 28 November 2009 - 03:27 PM

Alright, I ran the MWB scan and have the log for you. I ran a Kaspersky scan overnight, but I accidentally clicked something that made it scan again, so I am running that again now. It might take a while, so I figured I would just post what I had. Also, after I restarted after the MalwareBytes scan, a new icon appeared in the bottom right-hand corner of the taskbar. When hovered over, it says, "Blocked startup programs." This was never there before, and I hadn't touched anything. Not sure what that is about, but I thought you should know. I will post the Kaspersky results when it finishes. For now, here is the MalwareBytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 3247
Windows 6.0.6002 Service Pack 2

11/28/2009 3:42:40 AM
mbam-log-2009-11-28 (03-42-40).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 295348
Time elapsed: 1 hour(s), 27 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\HP_Administrator\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

#23 SweetTech (MalwareTeam Emeritus, 3,368 posts)

Posted 28 November 2009 - 03:45 PM

Once the Kaspersky scan has completed, we can address the icon issue:


Also, after I restarted after the MalwareBytes scan, a new icon appeared in the bottom right-hand corner of the taskbar. When hovered over, it says, "Blocked startup programs." This was never there before, and I hadn't touched anything. Not sure what that is about, but I thought you should know.


According to the information that I found on the MalwareBytes' Anti-Malware Support Forum this is a known bug that is scheduled to be fixed in the next version.

To fix this issue please do the following:

Back-Up Registry
First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:

regedit /e c:\registrybackup.reg

Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Open Notepad

Click Start > Run type notepad into the run box click OK
Click Format and make certain that Word Wrap is NOT checked.

Copy the text inside of the code box, Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Now paste the copied text into the open notepad. Press CTRL+V (or right click and choose 'paste')

Note: There must be NO blank lines in front of the pasted text, but ensure that there is a blank line at the end of the text, otherwise the registry merge will not work.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"=-

Now go to File > and click Save As,
From the drop down menu at the top of the box choose Desktop as the location to save this file.
Go down to the File Name box and type in fixme.reg as the file name, then choose All Files as the save as file type.
Then click the save button.
Once you have clicked the save button, close Notepad.

You should now see a file on your desktop that looks like this:

Posted Image

Locate the fixme.reg icon on your desktop and double click it. An information box will pop up asking if you want to merge the information in the file into the registry; click YES.

Once the file has run, the information will have merged with your registry so you can delete fixme.reg from your desktop as you won't be needing it anymore.


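The same fix done from a PowerShell prompt, as an added example that is not part of the original post and not Malwarebytes' own code. The fixme.reg file above uses regedit's `"name"=-` syntax, which deletes a single value under the key named in the square brackets; the script below backs up just that Run key with reg.exe, lists what is in it, removes the stale value only if it is actually present, and then verifies it is gone. It assumes an elevated (Run as administrator) PowerShell prompt, since HKLM is not writable otherwise, and that PowerShell is installed (it is not on Vista by default); the backup file path is my own choice.

```powershell
# Added example, not from the original thread or from Malwarebytes.
# Does from PowerShell what the fixme.reg file in the post does with regedit:
# deletes the stale "Malwarebytes Anti-Malware (reboot)" value under the
# HKLM Run key, after backing up that key and listing its contents.
# Assumptions: an elevated PowerShell prompt (HKLM is read-only otherwise);
# the backup path below is my own choice, not something the thread uses.

$runKeyNative = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'   # reg.exe form
$runKey       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'  # PowerShell drive form
$valueName    = 'Malwarebytes Anti-Malware (reboot)'
$backup       = Join-Path $env:SystemDrive 'run-key-backup.reg'

# 1. Back up only the key we are about to change. The output is an ordinary
#    .reg export that can be merged back with regedit if anything goes wrong.
& reg.exe export $runKeyNative $backup /y | Out-Null
if (-not (Test-Path -Path $backup)) {
    throw "Backup was not written to $backup; stopping before any change."
}

# 2. Review what currently runs at logon for every user on this machine.
Write-Host "Run entries before the change:"
Get-ItemProperty -Path $runKey |
    Select-Object -Property * -ExcludeProperty PS* |
    Format-List

# 3. Remove just the one value, and only if it exists. Asking for the value
#    by name with -ErrorAction SilentlyContinue returns nothing when absent.
$present = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if ($present) {
    Remove-ItemProperty -Path $runKey -Name $valueName
    Write-Host "Removed '$valueName'."
} else {
    Write-Host "'$valueName' is not present; nothing to remove."
}

# 4. Verify the value is gone; fail loudly if it is not.
if (Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue) {
    throw "'$valueName' is still present after removal."
}
Write-Host "Done. Backup of the key is at $backup"
```

Exporting the single key rather than the whole registry (as `regedit /e c:\registrybackup.reg` does) keeps the backup small and makes it obvious what would be restored by merging it back; either approach is fine as long as a backup exists before the value is deleted.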

#24 KateetaK (Authentic Member, 41 posts)

Posted 28 November 2009 - 04:08 PM

This may sound dumb, but I'm not totally sure where to type this: "regedit /e c:\registrybackup.reg". Do I type that into the search box? If so, I did that, and I got up until the point where you told me to copy the text inside the code box, but I have no idea where that is found.

#25 SweetTech

SweetTech

    MalwareTeam Emeritus

  • Authentic Member
  • 3,368 posts

Posted 28 November 2009 - 04:18 PM

KateetaK, for the time being let's hold up on fixing the issue with MalwareBytes' Anti-Malware. We will come back to this issue after the Kaspersky scan is done scanning your computer.



#26 KateetaK

KateetaK

    Authentic Member

  • Authentic Member
  • 41 posts

Posted 28 November 2009 - 04:20 PM

Alright. I will wait until that finishes. It's taking an awful long time. Actually, out of nowhere, something called BitDefender started running. I saved that log just in case. I don't know what that is.

#27 SweetTech

SweetTech

    MalwareTeam Emeritus

  • Authentic Member
  • 3,368 posts

Posted 28 November 2009 - 04:51 PM

Does anyone else have access to your computer? If they do, is it possible that they are maybe downloading programs and running scans with those programs?



#28 KateetaK

KateetaK

    Authentic Member

  • Authentic Member
  • 41 posts

Posted 28 November 2009 - 05:42 PM

No. I am the only one who uses this computer. It was weird. That scan just came out of nowhere and was very short. It said no infections found, so I'm not sure what happened. Anyway, I am still running the Kaspersky scan. It is at 57%. The computer is running very slow, so I am trying to stay off of it until the scan has completed. I will post it immediately after it finishes.

#29 KateetaK

KateetaK

    Authentic Member

  • Authentic Member
  • 41 posts

Posted 28 November 2009 - 06:58 PM

Here are the results of the Kaspersky scan:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, November 28, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, November 28, 2009 19:25:27
Records in database: 3305321
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 166941
Threats found: 3
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 04:33:26

File name / Threat / Threats count
C:\Program Files\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Users\HP_Administrator\Documents\My Received Files\mirc621.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\I386\APPS\APP02906\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
D:\I386\APPS\APP02906\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1

Selected area has been scanned.

#30 SweetTech

SweetTech

    MalwareTeam Emeritus

  • Authentic Member
  • 3,368 posts

Posted 28 November 2009 - 09:16 PM

Could you please provide me with that log from the BitDefender Scan?

Also, after I restarted after the MalwareBytes scan, a new icon appeared in the bottom right-hand corner of the taskbar. When hovered over, it says, "Blocked startup programs." This was never there before, and I hadn't touched anything. Not sure what that is about, but I thought you should know.


According to the information that I found on the MalwareBytes' Anti-Malware Support Forum, this is a known bug that is scheduled to be fixed in the next version.

To fix this issue please do the following:

Back-Up Registry
First, we need to back up your registry:
On your keyboard press the Windows key + R
This should display the Run box.
Paste in the following line:

regedit /e c:\registrybackup.reg

Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Open Notepad

Click Start > Run, type notepad into the Run box, and click OK.
Click Format and make certain that Word Wrap is NOT checked.

Copy the text inside the code box: press Ctrl+C (or right click on the highlighted section and choose 'copy').

Now paste the copied text into the open Notepad window: press Ctrl+V (or right click and choose 'paste').

Note: There must be NO blank lines in front of the pasted text, but ensure that there is a blank line at the end of the text, otherwise the registry merge will not work.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"=-

Now go to File and click Save As.
From the drop-down menu at the top of the box, choose Desktop as the location to save this file.
Go down to the File Name box and type in fixme.reg as the file name, then choose All Files as the "Save as type".
Then click the Save button.
Once you have clicked the Save button, close Notepad.

You should now see a file on your desktop that looks like this:


Locate the fixme.reg icon on your desktop and double click it. An information box will pop up asking if you want to merge the information in the file into the registry; click YES.

Once the file has run, the information will have merged with your registry so you can delete fixme.reg from your desktop as you won't be needing it anymore.

Re-Scanning with DDS
Please re-run DDS by sUBs.
Make sure to pay attention to the directions below:
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by doing the following:
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click the attachment's insert button to add it to your post
Please make sure you include the following items in your next post:
1. The log from the BitDefender Scan.
2. The logs that were produced after running DDS. (DDS.txt & Attach.txt)
3. Are you experiencing any outstanding issues with your PC?

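A check worth running on a fix file like the one above before merging it, added here as an example and not code from the original post: a small Python validator and parser for the .reg format. It enforces the two layout rules the instructions state (version header on the very first line, blank line at the end) and reads the "name"=- value deletion the fix uses; it also recognises the [-key] whole-key deletion form, which goes beyond the single entry on the page. The fixme.reg content is embedded as a constructed string rather than read from disk.

```python
import re

# Constructed sample: the fixme.reg content from the post above, as a Python
# string with the CRLF line endings Notepad writes (not read from disk).
FIXME_REG = (
    "Windows Registry Editor Version 5.00\r\n"
    "\r\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\r\n"
    "\"Malwarebytes Anti-Malware (reboot)\"=-\r\n"
    "\r\n"
)

HEADER = "Windows Registry Editor Version 5.00"
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")  # [key] or [-key] (delete the whole key)
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')  # "name"=data or @=data

def check_reg_layout(text):
    """Return the layout problems the post warns about (empty list means OK)."""
    problems = []
    lines = text.splitlines()
    # regedit only merges a file whose very first line is the version header,
    # so a leading blank line breaks the merge.
    if not lines or lines[0] != HEADER:
        problems.append("first line must be the version header, no blank lines before it")
    # The last entry needs a terminating blank line, as the post requires.
    if not text.endswith(("\n\n", "\r\n\r\n")):
        problems.append("file must end with a blank line")
    return problems

def parse_reg(text):
    """Parse a .reg file into (key, value_name, action) tuples: action is 'delete'
    for the "name"=- form the fix uses, 'set' for other data, 'delete_key' for
    a [-key] line (value_name None)."""
    ops, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == HEADER or line.startswith(";"):
            continue  # skip blanks, the header and comment lines
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1) == "-":
                ops.append((key, None, "delete_key"))
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = m.group(1) if m.group(1) is not None else "@"
            ops.append((key, name, "delete" if m.group(2) == "-" else "set"))
    return ops
```

Running parse_reg on the sample shows the fix touches exactly one value under the Run key and nothing else, which is what you want to confirm before double-clicking any .reg file.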
