Redirecting virus and won't let MS Security Essentials start

Posted 8/15/2011 3:11 AM
#92133
Ytee Member

Date Joined Nov 2016
Total Posts: 3
Hi,
I need help. Got a sneaky virus problem....

Running Windows XP SP3 on my father's computer. He has been infected with something, as Microsoft Security Essentials no longer starts and the security service keeps getting disabled. When surfing he is often getting redirected to random (some porn type) sites (that's what tipped me off that there was a problem). System Restore has no restore points before the problem started, too.

I have scanned with Microsoft Security Essentials in safe mode and nothing reported. TDSS Killer, nothing found. Trend Micro Rootkit Buster found nothing. Malwarebytes, nothing; SpyBot S&D reports nothing, but it can't just be nothing. All user accounts appear affected.

Attached is the log file from HijackThis. Any help is appreciated. I have to try to fix this remotely, so a reload is a serious challenge.

Thanks
Steve

HijackThis log info:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:05:53 PM, on 8/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Desktop.exe
C:\WINDOWS\Explorer.EXE
c:\program files\teamviewer\version5\TeamViewer.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=50989
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{654E3842-23C6-49AC-BF80-171343F9AF49}: NameServer = 208.67.222.222,208.67.220.220
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 11376 bytes
Posted 8/16/2011 9:25 AM
#92141
rpggamergirl Advanced member

Date Joined Nov 2016
Total Posts: 938
Hi,

Also download and run ComboFix and OTL and post the logfiles.

1. Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

ComboFix tutorial:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


2. Download OTL, save to Desktop or other convenient location.
http://oldtimer.geekstogo.com/OTL.exe
OTL does not need to be installed, simply click the OTL icon to run
Click the Quick Scan Button.
A log will open in notepad, and OTL.txt will be saved to the same location as OTL.exe (i.e.: desktop)
Post/attach the log here.
* You may pm me if you're still waiting for my follow-up post.
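The post above asks for a ComboFix log so that a helper can read it by eye. The script below is an added example, not part of this thread and not ComboFix's own code: it runs the kind of first-pass triage a helper does over such a log, flagging (a) an AV product the header reports as Disabled, (b) anything in the Session Manager BootExecute value beyond the default `autocheck autochk *`, (c) files under system32 in the "Files Created" section carrying both the hidden and system attribute bits, and (d) executable names with a space before the extension (a trick for looking like a legitimate file in a directory listing). The sample log embedded in the script is constructed from abridged lines of the ComboFix output posted later in this thread; the column layout it assumes (two timestamps, a size, an eight-character attribute field, a path, and `\0` separating REG_MULTI_SZ entries) is inferred from that log. A flag means "a person should look at this", not "this is malware": a non-default BootExecute entry, for instance, may belong to a legitimate boot-time defragmenter.

```python
"""First-pass triage of a ComboFix log (added example; assumptions noted inline)."""
import re

# Constructed sample: abridged lines in the shape ComboFix prints them.
SAMPLE_LOG = """\
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\\documents and settings\\Spook\\Application Data\\Adobe\\AdobeUpdate .exe
c:\\windows\\system32\\drivers\\sst48.sys
.
((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))
.
2011-08-16 16:29 . 2011-08-16 16:29 -------- d-----w- C:\\OTL
2011-08-15 02:58 . 2011-08-15 02:58 56400 ----a-w- c:\\windows\\system32\\drivers\\tmrkb.sys
2011-08-11 04:08 . 2011-06-24 14:10 139656 -c----w- c:\\windows\\system32\\dllcache\\rdpwd.sys
2011-07-28 23:40 . 2011-07-28 23:40 66048 --sha-r- c:\\windows\\system32\\vssapi5.dll
.
[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\\0pgdfgsvc C 1
"""

# Assumed layout of a "Files Created" line: created . modified size attrs path
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) "
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>.+)$"
)
DEFAULT_BOOTEXECUTE = "autocheck autochk *"
SPACE_BEFORE_EXT = re.compile(r"\S \.(exe|dll|sys|scr|com)$", re.I)


def av_disabled(lines):
    """Names of AV products the header reports as *Disabled*."""
    hits = []
    for line in lines:
        m = re.match(r"^AV: (.+?) \*(Disabled|Enabled)/", line)
        if m and m.group(2) == "Disabled":
            hits.append(m.group(1))
    return hits


def bootexecute_extras(lines):
    """BootExecute entries other than the default autochk entry.

    Assumes ComboFix renders the REG_MULTI_SZ separator as a literal '\\0'.
    """
    for line in lines:
        if line.startswith("BootExecute "):
            value = line.split(" ", 2)[2]          # drop "BootExecute REG_MULTI_SZ"
            entries = value.split("\\0")
            return [e for e in entries if e != DEFAULT_BOOTEXECUTE]
    return []


def hidden_system_files(lines, root="c:\\windows\\system32"):
    """Non-directory entries under `root` whose attribute field has both s and h set."""
    hits = []
    for line in lines:
        m = FILE_LINE.match(line)
        if not m or m.group("attrs")[0] == "d":   # first column is the directory flag
            continue
        attrs, path = m.group("attrs"), m.group("path")
        if "s" in attrs and "h" in attrs and path.lower().startswith(root):
            hits.append(path)
    return hits


def odd_executable_names(lines):
    """Paths whose file name carries a space immediately before the extension."""
    return [l.strip() for l in lines if SPACE_BEFORE_EXT.search(l.strip())]


def triage(text):
    """Run every check over the log text and return a dict of findings."""
    lines = [l.rstrip() for l in text.splitlines()]
    return {
        "av_disabled": av_disabled(lines),
        "bootexecute_extras": bootexecute_extras(lines),
        "hidden_system_files": hidden_system_files(lines),
        "odd_executable_names": odd_executable_names(lines),
    }


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(f"{check}: {hits}")
```

Run it against a real ComboFix.txt by reading the file into `triage()` instead of `SAMPLE_LOG`. Each finding is only a pointer to a line worth checking against the vendor, the file's signature and its creation date; the helper deliberately does not try to decide maliciousness itself.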
Posted 8/16/2011 5:58 PM
#92144
Ytee Member

Date Joined Nov 2016
Total Posts: 3
Ok, I ran ComboFix and OTL. Logs are below. Let me know what you see and what I should do next.
Thanks! :)


ComboFix 11-08-16.02 - Spook 08/16/2011 9:37.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2826 [GMT -7:00]
Running from: c:\otl\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Rita.DENNIS-A156D710\Local Settings\Application Data\{ED192DAF-94B3-4B1B-AFD3-B6F5549553D5}
c:\documents and settings\Rita.DENNIS-A156D710\Local Settings\Application Data\{ED192DAF-94B3-4B1B-AFD3-B6F5549553D5}\chrome.manifest
c:\documents and settings\Rita.DENNIS-A156D710\Local Settings\Application Data\{ED192DAF-94B3-4B1B-AFD3-B6F5549553D5}\chrome\content\_cfg.js
c:\documents and settings\Rita.DENNIS-A156D710\Local Settings\Application Data\{ED192DAF-94B3-4B1B-AFD3-B6F5549553D5}\chrome\content\overlay.xul
c:\documents and settings\Rita.DENNIS-A156D710\Local Settings\Application Data\{ED192DAF-94B3-4B1B-AFD3-B6F5549553D5}\install.rdf
c:\documents and settings\Spook\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\Spook\Application Data\Adobe\plugs
C:\drvrtmp
c:\windows\system32\drivers\sst48.sys
c:\windows\system32\drivers\sst48.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))
.
.
2011-08-16 16:29 . 2011-08-16 16:29 -------- d-----w- C:\OTL
2011-08-15 03:25 . 2011-08-15 03:25 2002240 ----a-w- C:\HousecallLauncher.exe
2011-08-15 02:58 . 2011-08-15 03:03 -------- d-----w- C:\TMRBLog
2011-08-15 02:58 . 2011-08-15 02:58 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2011-08-14 07:50 . 2011-08-14 07:50 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-08-14 07:48 . 2011-08-15 04:51 -------- d-----w- C:\HijackThis
2011-08-14 07:44 . 2011-08-14 07:44 -------- d-----w- C:\log
2011-08-14 07:42 . 2010-12-08 01:05 2486352 ----a-w- C:\RootkitBuster.exe
2011-08-14 06:13 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{012324CE-9580-46A5-901B-78D929EC97A5}\mpengine.dll
2011-08-14 06:11 . 2011-08-14 06:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\TeamViewer
2011-08-14 04:39 . 2011-08-14 04:39 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-14 04:36 . 2011-08-14 04:36 -------- d-----w- c:\program files\Windows Defender
2011-08-11 04:08 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 04:03 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-07-28 23:40 . 2011-07-28 23:40 66048 --sha-r- c:\windows\system32\vssapi5.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2004-08-12 14:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-13 03:39 . 2011-03-14 15:55 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-08 14:02 . 2004-08-12 14:01 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-07 02:52 . 2009-06-26 00:04 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2009-06-26 00:04 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10 . 2005-11-18 03:47 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-12 13:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-12 13:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-12 13:57 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-12 14:09 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2004-08-12 14:09 1858944 ------w- c:\windows\system32\win32k.sys
2011-05-25 02:14 . 2009-10-02 19:14 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-30 39408]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Spook\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-11-11 25214]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2009-8-22 303104]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TightVNC\\WinVNC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:VNC Port
.
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [10/19/2010 5:29 AM 2011944]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 2:38 AM 92008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/29/2009 9:11 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/29/2009 9:11 PM 133104]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2011-08-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-30 04:15]
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 04:11]
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 04:11]
.
2011-08-16 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 21:28]
.
2011-08-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
2011-08-16 c:\windows\Tasks\User_Feed_Synchronization-{34CEAAE8-A0E0-4845-8BFA-62E04DBCF38E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{654E3842-23C6-49AC-BF80-171343F9AF49}: NameServer = 208.67.222.222,208.67.220.220
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKU-Default-Run-Symantec NetDriver Warning - c:\progra~1\SYMNET~1\SNDWarn.exe
Notify-NavLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-16 10:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-08-16 10:39:15
ComboFix-quarantined-files.txt 2011-08-16 17:39
.
Pre-Run: 112,452,820,992 bytes free
Post-Run: 113,994,387,456 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 1226AAB89CE2FA1D4C9DF6891B0B5611


OTL:

OTL logfile created on: 8/16/2011 10:49:56 AM - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 82.84% Memory free
7.09 Gb Paging File | 6.80 Gb Available in Paging File | 95.80% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 106.19 Gb Free Space | 71.27% Space Free | Partition Type: NTFS

Computer Name: DENNIS-A156D710 | User Name: Spook | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/08/15 09:07:51 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\OTL\OTL.exe
PRC - [2010/10/19 05:29:08 | 001,881,384 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version5\TeamViewer_Desktop.exe
PRC - [2010/10/19 05:29:02 | 006,917,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/10/19 05:29:02 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/08/24 02:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 02:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/06/16 14:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2009/09/22 12:50:36 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2007/01/30 12:02:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewer\QuickDCF2.exe
PRC - [2006/10/12 16:57:08 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/06/16 14:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/02/16 20:01:00 | 000,081,920 | ---- | M] () -- C:\Program Files\FinePixViewer\wia_register_event.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/19 05:29:02 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/08/24 02:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/12/24 23:01:52 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/25 14:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig?hl=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 1A A5 BD CB 76 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF -
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll (Google) <br/>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) <br/>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
<br/> <br/>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{131F8778-548F-47F5-B8EF-EEBCAC9A19E2}: C:\Documents and Settings\Spook\Local Settings\Application Data\{131F8778-548F-47F5-B8EF-EEBCAC9A19E2} <br/> <br/>[2008/06/08 11:55:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Spook\Application Data\Mozilla\Extensions <br/>[2008/06/08 11:55:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Spook\Application Data\Mozilla\Extensions\home2@tomtom.com <br/>[2010/10/08 22:24:35 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM <br/> <br/>O1 HOSTS File: ([2011/08/16 10:36:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts <br/>O1 - Hosts: 127.0.0.1 localhost <br/>O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) <br/>O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) <br/>O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. <br/>O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) <br/>O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. <br/>O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. 
<br/>O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) <br/>O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) <br/>O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe () <br/>O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) <br/>O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions) <br/>O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe () <br/>O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) <br/>O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) <br/>O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe () <br/>O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc) <br/>O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation) <br/>O4 - Startup: C:\Documents and Settings\Spook\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
<br/>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 <br/>O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present <br/>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 <br/>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 <br/>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 <br/>O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O8 - Extra context menu item: Convert to existing PDF - C:\Program 
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.) <br/>O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) <br/>O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) <br/>O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) <br/>O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) <br/>O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool) <br/>O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab (Windows Live Safety Center Base Module) <br/>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) <br/>O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) <br/>O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) <br/>O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) <br/>O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) <br/>O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) 
<br/>O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) <br/>O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) <br/>O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) <br/>O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) <br/>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) <br/>O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.) <br/>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) <br/>O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) <br/>O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool) <br/>O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by104fd.bay104.hotmail.msn.com/activex/HMAtchmt.ocx (Hotmail Attachments Control) <br/>O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control) <br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 <br/>O24 - Desktop WallPaper: C:\Documents and Settings\Spook\Local Settings\Application Data\Microsoft\Wallpaper1.bmp <br/>O24 - Desktop BackupWallPaper: C:\Documents and Settings\Spook\Local Settings\Application Data\Microsoft\Wallpaper1.bmp <br/>O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) <br/>O32 - HKLM CDRom: AutoRun - 1 <br/>O32 - AutoRun File - [2005/11/17 
20:50:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] <br/>O34 - HKLM BootExecute: (autocheck autochk *) - File not found <br/>O34 - HKLM BootExecute: (pgdfgsvc C 1) - C:\WINDOWS\System32\pgdfgsvc.exe (Sysinternals - www.sysinternals.com) <br/>O35 - HKLM\..comfile [open] -- "%1" %* <br/>O35 - HKLM\..exefile [open] -- "%1" %* <br/>O37 - HKLM\...com [@ = ComFile] -- "%1" %* <br/>O37 - HKLM\...exe [@ = exefile] -- "%1" %* <br/> <br/>[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] <br/> <br/>[2011/08/16 09:35:14 | 000,000,000 | RHSD | C] -- C:\cmdcons <br/>[2011/08/16 09:32:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe <br/>[2011/08/16 09:32:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe <br/>[2011/08/16 09:32:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe <br/>[2011/08/16 09:32:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe <br/>[2011/08/16 09:31:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT <br/>[2011/08/16 09:31:54 | 000,000,000 | ---D | C] -- C:\Qoobox <br/>[2011/08/16 09:29:40 | 000,000,000 | ---D | C] -- C:\OTL <br/>[2011/08/14 20:25:18 | 002,002,240 | ---- | C] (Trend Micro Inc.) -- C:\HousecallLauncher.exe <br/>[2011/08/14 19:58:59 | 000,000,000 | ---D | C] -- C:\TMRBLog <br/>[2011/08/14 19:58:48 | 000,056,400 | ---- | C] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys <br/>[2011/08/14 00:48:09 | 000,000,000 | ---D | C] -- C:\HijackThis <br/>[2011/08/14 00:44:06 | 000,000,000 | ---D | C] -- C:\log <br/>[2011/08/14 00:42:38 | 002,486,352 | ---- | C] (Trend Micro Inc.) 
-- C:\RootkitBuster.exe <br/>[2011/08/13 21:48:31 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Spook\Desktop\mbam-setup-1.51.1.1800.exe <br/>[2011/08/13 21:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender <br/>[2011/08/13 21:06:38 | 000,000,000 | ---D | C] -- C:\Config.Msi <br/>[2005/11/18 20:23:23 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll <br/>[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] <br/>[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] <br/> <br/>[color=#E56717]========== Files - Modified Within 30 Days ==========[/color] <br/> <br/>[2011/08/16 10:46:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job <br/>[2011/08/16 10:36:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts <br/>[2011/08/16 09:35:18 | 000,000,329 | RHS- | M] () -- C:\boot.ini <br/>[2011/08/16 08:31:55 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{34CEAAE8-A0E0-4845-8BFA-62E04DBCF38E}.job <br/>[2011/08/16 06:54:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job <br/>[2011/08/15 23:43:20 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job <br/>[2011/08/15 21:46:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job <br/>[2011/08/15 18:40:22 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk <br/>[2011/08/15 18:40:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl <br/>[2011/08/14 22:27:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat <br/>[2011/08/14 20:25:35 | 002,002,240 | ---- | M] (Trend Micro Inc.) 
-- C:\HousecallLauncher.exe <br/>[2011/08/14 19:58:48 | 000,056,400 | ---- | M] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys <br/>[2011/08/14 19:47:20 | 000,471,654 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat <br/>[2011/08/14 19:47:20 | 000,083,822 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat <br/>[2011/08/14 19:44:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK <br/>[2011/08/14 19:40:14 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job <br/>[2011/08/13 23:10:12 | 000,000,213 | ---- | M] () -- C:\Boot.bak <br/>[2011/08/13 21:50:00 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk <br/>[2011/08/13 21:49:30 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk <br/>[2011/08/13 21:48:31 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Spook\Desktop\mbam-setup-1.51.1.1800.exe <br/>[2011/08/13 21:03:25 | 000,002,198 | ---- | M] () -- C:\WINDOWS\epplauncher.mif <br/>[2011/08/11 16:33:00 | 001,404,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Spook\Desktop\TDSSKiller.exe <br/>[2011/07/28 16:40:18 | 000,066,048 | RHS- | M] () -- C:\WINDOWS\System32\vssapi5.dll <br/>[2011/07/21 23:09:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job <br/>[2011/07/21 17:58:24 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Spook\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini <br/>[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] <br/>[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] <br/> <br/>[color=#E56717]========== Files Created - No Company Name ==========[/color] <br/> <br/>[2011/08/16 09:35:18 | 000,000,213 | ---- | C] () -- C:\Boot.bak <br/>[2011/08/16 09:35:15 | 000,260,272 | RHS- | C] () -- C:\cmldr <br/>[2011/08/16 09:32:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe <br/>[2011/08/16 
09:32:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe <br/>[2011/08/16 09:32:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe <br/>[2011/08/16 09:32:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe <br/>[2011/08/16 09:32:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe <br/>[2011/08/15 18:50:21 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job <br/>[2011/08/13 23:16:48 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job <br/>[2011/07/28 16:40:18 | 000,066,048 | RHS- | C] () -- C:\WINDOWS\System32\vssapi5.dll <br/>[2011/01/05 20:33:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat <br/>[2010/12/18 17:48:05 | 000,077,320 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat <br/>[2010/10/17 18:25:19 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\avCmpLib.dll <br/>[2010/10/17 18:25:19 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll <br/>[2010/10/17 18:25:09 | 001,097,728 | ---- | C] () -- C:\WINDOWS\System32\DwgViewer2.dll <br/>[2010/09/15 22:12:11 | 000,000,330 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI <br/>[2010/08/20 19:33:41 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\bawuho.dat <br/>[2008/12/24 15:56:32 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI <br/>[2008/12/24 15:35:49 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\esfw52.bin <br/>[2008/06/29 19:09:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll <br/>[2008/02/07 11:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll <br/>[2007/12/25 12:30:09 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL <br/>[2007/12/25 12:30:08 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini <br/>[2007/08/06 13:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll <br/>[2007/03/11 13:47:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI <br/>[2006/12/07 13:58:14 | 000,000,051 | ---- | C] () -- 
C:\WINDOWS\dbghist.ini <br/>[2006/12/06 18:53:24 | 000,000,021 | ---- | C] () -- C:\WINDOWS\FxSetDll.INI <br/>[2006/11/11 21:50:36 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Spook\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini <br/>[2005/12/24 23:48:49 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini <br/>[2005/12/24 23:21:37 | 000,000,300 | ---- | C] () -- C:\WINDOWS\3DHOME.INI <br/>[2005/12/24 22:19:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI <br/>[2005/11/27 01:03:26 | 000,000,690 | ---- | C] () -- C:\WINDOWS\dellstat.ini <br/>[2005/11/18 20:23:52 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe <br/>[2005/11/18 20:23:23 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe <br/>[2005/11/18 20:23:23 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll <br/>[2005/11/17 20:52:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat <br/>[2005/11/17 20:48:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat <br/>[2005/11/17 12:42:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI <br/>[2005/11/17 12:41:26 | 000,360,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT <br/>[2004/09/22 11:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini <br/>[2004/08/12 07:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat <br/>[2004/08/12 07:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin <br/>[2004/08/12 07:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat <br/>[2004/08/12 07:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat <br/>[2004/08/12 07:03:20 | 000,471,654 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat <br/>[2004/08/12 07:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat <br/>[2004/08/12 07:03:19 | 000,083,822 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat <br/>[2004/08/12 07:02:25 | 000,000,741 | ---- | C] () -- 
C:\WINDOWS\System32\noise.dat <br/>[2004/08/12 06:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat <br/>[2004/08/12 06:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin <br/>[2004/08/12 06:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat <br/>[2004/08/12 06:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin <br/> <br/>[color=#E56717]========== LOP Check ==========[/color] <br/> <br/>[2005/12/24 23:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk <br/>[2005/11/27 01:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software <br/>[2008/06/08 11:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom <br/>[2010/11/03 19:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} <br/>[2006/11/11 22:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spook\Application Data\Autodesk <br/>[2008/12/27 16:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spook\Application Data\EPSON <br/>[2011/04/08 12:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spook\Application Data\FrostWire <br/>[2009/08/22 21:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spook\Application Data\FUJIFILM <br/>[2007/04/30 18:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spook\Application Data\Leadertech <br/>[2008/08/13 16:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spook\Application Data\LimeWire <br/>[2010/07/28 13:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spook\Application Data\OpenDNS Updater <br/>[2011/03/11 22:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spook\Application Data\TeamViewer <br/>[2007/12/25 22:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spook\Application Data\TomTom <br/>[2010/10/17 
18:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spook\Application Data\Wirsbo <br/>[2011/08/14 19:40:14 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job <br/>[2011/08/16 08:31:55 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{34CEAAE8-A0E0-4845-8BFA-62E04DBCF38E}.job <br/> <br/>[color=#E56717]========== Purity Check ==========[/color] <br/> <br/> <br/> <br/>< End of report > <br/> <br/> <br/>OTL EXTRAS Test file (not sure if you needed this one but it was created when I ran OTL) <br/> <br/> <br/>OTL Extras logfile created on: 8/16/2011 10:49:56 AM - Run 1 <br/>OTL by OldTimer - Version 3.2.26.4 Folder = C:\OTL <br/>Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation <br/>Internet Explorer (Version = 8.0.6001.18702) <br/>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy <br/> <br/>3.25 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 82.84% Memory free <br/>7.09 Gb Paging File | 6.80 Gb Available in Paging File | 95.80% Paging File free <br/>Paging file location(s): C:\pagefile.sys 4096 4096 [binary data] <br/> <br/>%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files <br/>Drive C: | 149.00 Gb Total Space | 106.19 Gb Free Space | 71.27% Space Free | Partition Type: NTFS <br/> <br/>Computer Name: DENNIS-A156D710 | User Name: Spook | Logged in as Administrator. 
<br/>Boot Mode: Normal | Scan Mode: Current user | Quick Scan <br/>Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days <br/> <br/>[color=#E56717]========== Extra Registry (SafeList) ==========[/color] <br/> <br/> <br/>[color=#E56717]========== File Associations ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] <br/>.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* <br/>.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l <br/> <br/>[color=#E56717]========== Shell Spawning ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] <br/>batfile [open] -- "%1" %* <br/>cmdfile [open] -- "%1" %* <br/>comfile [open] -- "%1" %* <br/>cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* <br/>exefile [open] -- "%1" %* <br/>InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l <br/>piffile [open] -- "%1" %* <br/>regfile [merge] -- Reg Error: Key error. <br/>scrfile [config] -- "%1" <br/>scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l <br/>scrfile [open] -- "%1" /S <br/>txtfile [edit] -- Reg Error: Key error. 
Posted 8/17/2011 10:12 AM
#92151
rpggamergirl Advanced member

Date Joined Nov 2016
Total Posts: 938
Has the redirect issue stopped? If it hasn't, can you download a fresh TDSSKiller and run that one?

Also run OTL again.
Under the Custom Scans/Fixes box at the bottom, paste in the following:

----------------------------------------------------

:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{131F8778-548F-47F5-B8EF-EEBCAC9A19E2}: C:\Documents and Settings\Spook\Local Settings\Application Data\{131F8778-548F-47F5-B8EF-EEBCAC9A19E2}
[2011/07/21 17:58:24 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Spook\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/11 21:50:36 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Spook\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 1A A5 BD CB 76 CB 01 [binary data]

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

----------------------------------------------------

Then click the Run Fix button at the top.
Let the program run unhindered and reboot the PC when it is done.
* You may pm me if you're still waiting for my follow-up post.
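As an added, defender-side illustration (not code from the poster or from the OTL tool), here is a small Python triage helper that parses OTL-format lines like the ones quoted in the fix above and flags the traits a helper looks for: a file with no publisher sitting in a per-user profile directory, a GUID-shaped name containing non-hex characters, and a machine-wide Firefox extension registration that points into a user directory. The sample lines are constructed in OTL's format from the entries quoted in this post (plus one benign system file), and the heuristics are my own assumptions, not OTL's logic.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in OTL's own line format: the Firefox extension
# registration and the two file entries quoted in the fix above, plus one
# benign system file for contrast. Not captured from the poster's machine.
SAMPLE_OTL = r"""
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{131F8778-548F-47F5-B8EF-EEBCAC9A19E2}: C:\Documents and Settings\Spook\Local Settings\Application Data\{131F8778-548F-47F5-B8EF-EEBCAC9A19E2}
[2011/07/21 17:58:24 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Spook\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/11 21:50:36 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Spook\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/21 13:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
"""

# OTL file entry: [date | size | attributes | M(odified)/C(reated)] (publisher) -- path
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Za-z]{4}) \| (?P<kind>[MC])\] \((?P<publisher>.*?)\) -- (?P<path>.+)$"
)
# OTL Firefox extension registration under HKLM (OTL prints a doubled backslash before the id)
FF_EXT_RE = re.compile(
    r"^FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\extensions\\\\"
    r"(?P<guid>\{[^}]+\}): (?P<path>.+)$",
    re.IGNORECASE,
)
# A real GUID is 8-4-4-4-12 hex digits; droppers often fake the shape with non-hex letters.
GUID_SHAPE = re.compile(r"^[0-9A-Za-z]{8}(-[0-9A-Za-z]{4}){3}-[0-9A-Za-z]{12}$")
HEX_ONLY = re.compile(r"^[0-9A-Fa-f-]+$")
# Per-user, user-writable locations (XP and Vista+ names) that system-wide components rarely use.
USER_DATA_DIRS = ("\\local settings\\application data\\", "\\application data\\", "\\appdata\\")


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def guid_is_malformed(name: str) -> bool:
    """True when a name has GUID shape but contains characters a GUID cannot."""
    return bool(GUID_SHAPE.match(name)) and not HEX_ONLY.match(name)


def in_user_data_dir(path: str) -> bool:
    low = path.lower()
    return any(d in low for d in USER_DATA_DIRS)


def review_otl_lines(text: str) -> list:
    """One Finding per suspicious path; M and C stamps of the same file are merged."""
    findings = {}
    for line in text.splitlines():
        reasons = []
        m, ext = FILE_RE.match(line), FF_EXT_RE.match(line)
        if m:
            path = m.group("path")
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if m.group("publisher") == "":
                reasons.append("no publisher in version info")
            if guid_is_malformed(stem):
                reasons.append("GUID-shaped name with non-hex characters")
            if in_user_data_dir(path):
                reasons.append("lives in a user-writable profile directory")
        elif ext:
            path = ext.group("path")
            if in_user_data_dir(path):
                reasons.append("machine-wide Firefox extension loads from a per-user directory")
            if guid_is_malformed(ext.group("guid").strip("{}")):
                reasons.append("extension id is a malformed GUID")
        else:
            continue
        if reasons:
            finding = findings.setdefault(path, Finding(path))
            finding.reasons.extend(r for r in reasons if r not in finding.reasons)
    return list(findings.values())
```

Running `review_otl_lines(SAMPLE_OTL)` yields two findings: the `.ini` file with all three reasons and the extension registration with one; `notepad.exe` is not reported.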
Posted 8/17/2011 6:57 PM
#92157
Ytee Member

Date Joined Nov 2016
Total Posts: 3
OK, the redirects seem to have stopped. Microsoft Security Essentials is working again, as is the Security Centre service. I have run TDSSKiller (a fresh copy) and it found nothing (but it never did before either). I ran the OTL patch/fix you wanted as well.
Anything else I should do?
Anything else look suspect that I should clean out? (BTW, I am very good with regedit etc.)
What should I do to remove the quarantined ComboFix files?
Should I uninstall ComboFix and OTL?

Let me know.
Thanks!
Steve
Posted 8/18/2011 9:09 AM
#92163
rpggamergirl Advanced member

Date Joined Nov 2016
Total Posts: 938
Glad to know that the redirect issue is fixed.

"What should I do to remove the quarantined ComboFix files?
Should I uninstall ComboFix and OTL?"

To uninstall ComboFix, just run this command:

Combofix /Uninstall

After uninstalling ComboFix, to remove OTL just click the "CleanUp" button within OTL and it will remove itself and other tools that you may have used in the past, e.g. Killbox, Avenger, ComboFix etc.
I prefer to use ComboFix's own uninstall routine rather than letting OTL delete ComboFix, so uninstall ComboFix first before running OTL's cleanup routine.
* You may pm me if you're still waiting for my follow-up post.
Posted 8/30/2012 5:01 AM
#94305
HydroBox Member

Date Joined Nov 2016
Total Posts: 1
Hello,

I am super new here but I am having a similar problem. I didn't know if I should make a new thread or add to this one. I am running Windows 7 right now and I cannot get Microsoft Security Essentials to run. I've looked on other forums and some suggested activating the Security Center in the Services panel. The problem is that there is also no Security Center in my Services panel and I cannot start Windows Firewall. I want to try out ComboFix, but the tutorial said I shouldn't do it without a helper. So can you help/supervise me? Thanks in advance for your help.

--Box
Posted 8/30/2012 5:50 AM
#94308
Advanced member

Make a new thread and follow the steps from here: http://forum.bullguard.com/forum/10/Before-posting-a-log_43566.html
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com
