TrojanBNK.Win32.Keylogger.gen/XP Home Security 2012

Comments

61 comments

  • Customer
    Ran full scan with AdAware (took like 5 hours). Here is the OTL log. Thanks for your help.



    OTL logfile created on: 12/15/2011 11:40:06 PM - Run 3
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Richard\Desktop\Computer Maintenece
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.64 Gb Total Space | 5.98 Gb Free Space | 8.58% Space Free | Partition Type: NTFS

    Computer Name: LABTOP | User Name: Richard | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days



    ========== Processes (SafeList) ==========

    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
    PRC - C:\Documents and Settings\Richard\Desktop\Computer Maintenece\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
    PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
    PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    PRC - C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()
    PRC - C:\WINDOWS\system32\o2flash.exe ()





    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Richard\Desktop\Computer Maintenece\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)





    ========== Win32 Services (SafeList) ==========

    SRV - (Roxio Upnp Server 9) -- File not found
    SRV - (Roxio UPnP Renderer 9) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (ACDaemon) -- File not found
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
    SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
    SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
    SRV - (dev5_ap1) -- C:\phpdev5\apache\Apache.exe ()
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
    SRV - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()
    SRV - (O2Flash) -- C:\WINDOWS\system32\o2flash.exe ()





    ========== Driver Services (SafeList) ==========

    DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
    DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
    DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (O2MDRDR) -- C:\WINDOWS\System32\DRIVERS\o2media.sys (O2Micro )
    DRV - (O2SDRDR) -- C:\WINDOWS\System32\DRIVERS\o2sd.sys (O2Micro )
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)
    DRV - (AGR1310_51) -- C:\WINDOWS\system32\drivers\AGR1310_51.sys (Agere Systems)
    DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
    DRV - (Ktp3) -- C:\WINDOWS\system32\drivers\Ktp3.sys (Elantech Devices Corp.)
    DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)





    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Search the Web"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:5.0
    FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
    FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:0.9
    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q="
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 1

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/26 18:19:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/22 08:14:27 | 000,000,000 | ---D | M]

    [2009/04/19 20:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Extensions
    [2011/12/01 17:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions
    [2011/05/04 11:48:31 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    [2010/12/28 12:30:28 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
    [2011/11/30 23:00:34 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    [2011/05/04 11:48:33 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    [2011/11/30 23:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/03/16 09:27:46 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
    [2011/05/21 07:29:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2008/09/10 00:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
    [2011/05/21 07:29:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2011/10/17 13:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml



    Hosts file not found
    O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKCU..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    O4 - Startup: C:\Documents and Settings\Richard\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Richard\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {4F4D2E63-0377-4188-8B70-52934FA8A101} http://www.leadstoloans.com/activex/fafile.dll (First American File Control)
    O16 - DPF: {4F4D2E63-0377-4188-8B70-52934FA8A201} http://www.leadstoloans.com/activex/faprint.dll (First American Print Control)
    O16 - DPF: {4F4D2E63-0377-4188-8B70-52934FA8A301} http://www.leadstoloans.com/activex/fagrid.dll (First American Grid Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159818431983 (WUWebControl Class)
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (System Requirements Lab Class)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159818421170 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O24 - Desktop WallPaper: C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 10:43:27 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*



    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/14 21:58:09 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Richard\Desktop\aswMBR.exe
    [2011/12/14 18:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
    [2011/12/13 20:30:13 | 000,302,080 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Richard\Local Settings\Application Data\ptw.exe
    [2011/12/13 20:28:23 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/12/13 20:25:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/12/11 17:31:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/11 17:31:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/11 17:31:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/11 17:31:17 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/11 17:30:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Richard\Start Menu\Programs\Administrative Tools
    [2011/12/11 17:29:15 | 004,337,036 | R--- | C] (Swearware) -- C:\Documents and Settings\Richard\Desktop\ComboFix.exe
    [2011/12/09 19:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/12/09 19:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/12/09 17:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\adawaretb
    [2011/11/30 23:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\adaware
    [2011/11/30 23:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
    [2011/11/30 23:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
    [2011/11/30 23:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\adawaretb
    [2011/11/30 23:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
    [2011/11/29 09:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\My Documents\Adobe Scripts
    [2011/11/28 20:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\usrMainPlay
    [2007/11/10 23:30:24 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Richard\Application Data\pcouffin.sys
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]



    ========== Files - Modified Within 30 Days ==========

    [2011/12/15 15:17:51 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011/12/15 09:08:32 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/15 09:07:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/14 22:00:57 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\MBR.dat
    [2011/12/14 21:58:24 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Richard\Desktop\aswMBR.exe
    [2011/12/14 21:23:16 | 001,557,791 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\tdsskiller.zip
    [2011/12/14 21:10:26 | 002,848,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/12/14 19:07:40 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/13 20:30:13 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Richard\Local Settings\Application Data\ptw.exe
    [2011/12/13 20:30:12 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Richard\Application Data\vso_ts_preview.xml
    [2011/12/13 20:30:11 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\2oDh5GCX.exe
    [2011/12/13 07:41:53 | 000,011,977 | ---- | M] () -- C:\Documents and Settings\Richard\all
    [2011/12/11 17:29:25 | 004,337,036 | R--- | M] (Swearware) -- C:\Documents and Settings\Richard\Desktop\ComboFix.exe
    [2011/12/11 16:08:56 | 000,000,139 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\rk-proxy.reg
    [2011/12/11 16:02:16 | 001,008,120 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\iExplore.exe
    [2011/12/11 15:47:56 | 000,001,205 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\FixNCR.reg
    [2011/12/11 15:43:05 | 000,014,316 | -HS- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\ywrueq5u4qhe1dyx0coe5q142c6o
    [2011/12/11 15:43:05 | 000,014,316 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ywrueq5u4qhe1dyx0coe5q142c6o
    [2011/12/09 18:47:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\gbreeJ.com.b
    [2011/12/09 18:47:46 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1L4652v.dat
    [2011/12/09 18:47:45 | 000,079,872 | ---- | M] () -- C:\WINDOWS\System32\gbreeJ.com_
    [2011/12/09 18:47:45 | 000,079,872 | ---- | M] () -- C:\WINDOWS\System32\gbreeJ.com
    [2011/12/09 18:47:45 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\2oDh5GCX.exe_
    [2011/12/09 17:43:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\2oDh5GCX.exe.b
    [2011/12/09 13:24:38 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/12/09 13:24:38 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/12/02 13:27:31 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
    [2011/11/30 23:00:24 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2011/11/23 13:00:52 | 000,156,672 | ---- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/23 08:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
    [2011/11/23 08:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
    [2011/11/18 14:33:14 | 000,000,189 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\hordersRus (E).lnk
    [2011/11/16 11:41:54 | 001,765,063 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\lab-school-cookiedrop.psd
    [2011/11/16 10:14:02 | 000,042,997 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\parachute-icon.png
    [2011/11/16 08:03:48 | 000,466,782 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/11/16 08:03:47 | 000,081,574 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]



    ========== Files Created - No Company Name ==========

    [2011/12/14 22:00:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\MBR.dat
    [2011/12/14 21:23:03 | 001,557,791 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\tdsskiller.zip
    [2011/12/13 20:30:12 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\vso_ts_preview.xml
    [2011/12/13 20:29:04 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2oDh5GCX.exe_
    [2011/12/13 20:29:04 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2oDh5GCX.exe
    [2011/12/13 17:46:00 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\gbreeJ.com
    [2011/12/13 07:28:31 | 000,011,977 | ---- | C] () -- C:\Documents and Settings\Richard\all
    [2011/12/11 17:31:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/11 17:31:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/11 17:31:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/11 17:31:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/11 17:31:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/11 16:08:56 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\rk-proxy.reg
    [2011/12/11 16:02:14 | 001,008,120 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\iExplore.exe
    [2011/12/11 15:59:41 | 000,001,205 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\FixNCR.reg
    [2011/12/09 18:47:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\gbreeJ.com.b
    [2011/12/09 17:43:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2oDh5GCX.exe.b
    [2011/12/09 17:36:54 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\gbreeJ.com_
    [2011/12/09 17:36:54 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1L4652v.dat
    [2011/12/09 17:23:16 | 000,014,316 | -HS- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\ywrueq5u4qhe1dyx0coe5q142c6o
    [2011/12/09 17:23:16 | 000,014,316 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ywrueq5u4qhe1dyx0coe5q142c6o
    [2011/12/01 07:26:06 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2011/11/18 14:32:51 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\hordersRus (E).lnk
    [2011/11/16 11:41:50 | 001,765,063 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\lab-school-cookiedrop.psd
    [2011/11/16 10:14:01 | 000,042,997 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\parachute-icon.png
    [2011/05/27 11:06:06 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/05/27 11:06:06 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2010/10/21 20:49:22 | 000,207,982 | ---- | C] () -- C:\WINDOWS\hpoins43.dat
    [2010/10/21 20:49:22 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat
    [2010/08/23 13:51:19 | 000,000,027 | ---- | C] () -- C:\WINDOWS\phpdev.ini
    [2010/08/05 09:57:49 | 000,134,272 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/03/22 11:25:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2009/10/08 07:52:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/07/27 14:35:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2009/04/30 15:08:59 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2009/04/24 13:27:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Font Book
    [2009/03/12 18:56:25 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\winscp.rnd
    [2008/10/09 15:25:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2008/10/09 11:27:00 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2008/08/30 08:29:49 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    [2008/08/30 08:29:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\Galaxy Swirl
    [2008/05/20 23:05:59 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
    [2008/04/04 10:05:12 | 000,021,312 | ---- | C] () -- C:\WINDOWS\choice.exe
    [2008/01/06 14:13:49 | 000,000,054 | ---- | C] () -- C:\WINDOWS\winpoint.ini
    [2007/11/10 23:30:24 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\pcouffin.cat
    [2007/11/10 23:30:24 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\pcouffin.inf
    [2007/11/09 21:48:20 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
    [2007/04/30 13:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CPC10Q.INI
    [2007/04/28 07:23:41 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2007/04/17 14:28:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2006/11/26 16:40:52 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2006/11/17 23:35:53 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\hndlt.ini
    [2006/11/17 23:34:41 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\windll.ini
    [2006/11/08 19:59:54 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/10/09 11:00:34 | 000,156,672 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/10/04 11:35:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/10/02 19:50:46 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/10/02 19:33:26 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/10/02 15:29:01 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/10/02 14:32:15 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
    [2006/10/02 09:56:30 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\FASTWiz.html
    [2006/09/30 14:26:44 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
    [2006/09/29 19:10:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2006/07/18 13:31:20 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\fusioncache.dat
    [2006/07/12 15:26:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/07/12 15:20:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/07/12 07:41:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/07/12 07:40:05 | 002,848,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/01/27 01:33:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\o2flash.exe
    [2005/01/20 21:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
    [2003/09/16 10:52:28 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2003/09/16 10:43:31 | 000,884,736 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2003/09/16 10:41:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/08/18 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/18 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2001/08/18 07:00:00 | 000,466,782 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2001/08/18 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001/08/18 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001/08/18 07:00:00 | 000,081,574 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2001/08/18 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/08/18 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001/08/18 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/08/18 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2001/08/18 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat



    [color=#E56717]========== LOP Check ==========[/color]



    [2011/12/15 09:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection

    [2007/11/09 21:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

    [2008/08/30 08:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

    [2008/04/05 08:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jes-Soft

    [2007/01/26 15:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir

    [2008/06/15 09:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS

    [2009/07/17 17:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

    [2008/08/30 08:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

    [2010/06/15 08:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

    [2007/11/11 07:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

    [2009/06/01 10:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

    [2011/02/05 11:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

    [2008/03/24 16:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\acccore

    [2011/12/12 20:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\adawaretb

    [2008/01/06 12:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Aim

    [2011/03/22 08:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Amazon

    [2010/03/08 09:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Azureus

    [2009/05/17 10:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Blackberry Desktop

    [2010/09/23 10:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\com.adobe.ExMan

    [2010/11/16 16:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1

    [2007/07/18 16:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\CTS

    [2011/12/15 09:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Dropbox

    [2009/03/12 18:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\FileZilla

    [2010/05/09 12:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\foobar2000

    [2007/03/12 15:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Investintech

    [2007/06/24 09:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Leadertech

    [2008/08/30 08:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Nikon

    [2008/04/02 20:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\OfficeUpdate12

    [2009/05/20 07:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Research In Motion

    [2010/05/28 11:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Subversion

    [2007/01/18 12:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Viewpoint

    [2011/10/06 18:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Vso

    [2011/12/15 15:17:51 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job



    [color=#E56717]========== Purity Check ==========[/color]



    < End of report >
  • Support
    Please, download and run OTL again, djs. Paste the logs and I will see if I can see anything about rundll32 in them.
  • Customer
    I was able to get the computer back online and download/run the OTL from the link provided by this site. OTL says "scan complete" but no logs appeared. I think the malware is preventing the logs from popping up. Please help. Thanks!
  • Support
    Hi djs,



    This infection changes settings on your computer so that when you start a program, it will instead start the infection. To fix this you must change a registry setting. From a clean computer, please download the following file and save it to a CD/DVD, external drive, or USB flash drive.



    FixNCR.reg (http://download.bleepingcomputer.com/reg/FixNCR.reg)



    Save the file on the external device and move it to the infected computer. Double-click on the FixNCR.reg file to fix the Registry on your infected computer.



    Download RKill by Grinler to your Desktop:

    On the page http://www.bleepingcomputer.com/download/anti-virus/rkill click the link "iExplore.exe Download Link" and save it to your desktop, please.



    Double-click on the iExplore.exe icon to start RKill. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.



    If you get a message that RKill is an infection, that is a fake warning given by the infection. The trick is to leave the warning on the screen and then run RKill again.



    Run RKill five times.



    If you continue having problems running RKill, you can download the other renamed versions of RKill from the rkill download page. All of the files are renamed copies of RKill, which you can try instead.



    Please, try to run OTL again.
  • Customer
    Cecelia B. - Thanks for your help. From your instructions I was able to get the following OTL log.


    OTL logfile created on: 12/11/2011 4:23:50 PM - Run 2

    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Richard\My Documents\Downloads

    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



    1.44 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 57.51% Memory free

    1.95 Gb Paging File | 1.45 Gb Available in Paging File | 74.34% Paging File free

    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]



    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 69.64 Gb Total Space | 3.88 Gb Free Space | 5.57% Space Free | Partition Type: NTFS



    Computer Name: LABTOP | User Name: Richard | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: Current user

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days



    [color=#E56717]========== Processes (SafeList) ==========[/color]



    PRC - C:\Documents and Settings\Richard\My Documents\Downloads\OTL(2).exe (OldTimer Tools)

    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)

    PRC - C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

    PRC - C:\Documents and Settings\Richard\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)

    PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)

    PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

    PRC - C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)

    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    PRC - C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()

    PRC - C:\WINDOWS\system32\o2flash.exe ()





    [color=#E56717]========== Modules (No Company Name) ==========[/color]



    MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll ()

    MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll ()

    MOD - C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll ()

    MOD - C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll ()

    MOD - C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll ()

    MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw ()

    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

    MOD - C:\Program Files\Adobe\Adobe Bridge CS4\FileInfo.dll ()

    MOD - C:\Program Files\Adobe\Adobe Bridge CS4\AdobeXMPFiles.dll ()

    MOD - C:\Program Files\Adobe\Adobe Bridge CS4\AdobeXMP.dll ()

    MOD - C:\Program Files\Adobe\Adobe Bridge CS4\Symlib.dll ()

    MOD - C:\Program Files\Adobe\Adobe Bridge CS4\libmysqld.dll ()

    MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()

    MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()

    MOD - C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()

    MOD - C:\WINDOWS\system32\o2flash.exe ()





    [color=#E56717]========== Win32 Services (SafeList) ==========[/color]



    SRV - (Roxio Upnp Server 9) -- File not found

    SRV - (Roxio UPnP Renderer 9) -- File not found

    SRV - (AppMgmt) -- File not found

    SRV - (ACDaemon) -- File not found

    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)

    SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)

    SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)

    SRV - (dev5_ap1) -- C:\phpdev5\apache\Apache.exe ()

    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

    SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)

    SRV - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()

    SRV - (O2Flash) -- C:\WINDOWS\system32\o2flash.exe ()





    [color=#E56717]========== Driver Services (SafeList) ==========[/color]



    DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()

    DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)

    DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()

    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

    DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)

    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

    DRV - (O2MDRDR) -- C:\WINDOWS\System32\DRIVERS\o2media.sys (O2Micro )

    DRV - (O2SDRDR) -- C:\WINDOWS\System32\DRIVERS\o2sd.sys (O2Micro )

    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

    DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)

    DRV - (AGR1310_51) -- C:\WINDOWS\system32\drivers\AGR1310_51.sys (Agere Systems)

    DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

    DRV - (Ktp3) -- C:\WINDOWS\system32\drivers\Ktp3.sys (Elantech Devices Corp.)

    DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)





    [color=#E56717]========== Standard Registry (SafeList) ==========[/color]





    [color=#E56717]========== Internet Explorer ==========[/color]





    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    [color=#E56717]========== FireFox ==========[/color]



    FF - prefs.js..browser.search.selectedEngine: "Search the Web"

    FF - prefs.js..browser.search.update: false

    FF - prefs.js..browser.search.useDBForOrder: true

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

    FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:5.0

    FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106

    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10

    FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

    FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:0.9

    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q="

    FF - prefs.js..network.proxy.no_proxies_on: "*.local"

    FF - prefs.js..network.proxy.type: 1



    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found

    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/26 18:19:54 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/22 08:14:27 | 000,000,000 | ---D | M]



    [2009/04/19 20:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Extensions

    [2011/12/01 17:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions

    [2011/05/04 11:48:31 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}

    [2010/12/28 12:30:28 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}

    [2011/11/30 23:00:34 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

    [2011/05/04 11:48:33 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

    [2011/11/30 23:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    [2010/03/16 09:27:46 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}

    [2011/05/21 07:29:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

    [2008/09/10 00:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npContribute.dll

    [2011/05/21 07:29:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    [2011/10/17 13:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml



    O1 HOSTS File: ([2008/04/04 06:33:45 | 000,231,164 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O1 - Hosts: 127.0.0.1 .supercocklol.com

    O1 - Hosts: 127.0.0.1 www..webloyalty.com

    O1 - Hosts: 127.0.0.1 007guard.com

    O1 - Hosts: 127.0.0.1 www.007guard.com

    O1 - Hosts: 127.0.0.1 008i.com

    O1 - Hosts: 127.0.0.1 008k.com

    O1 - Hosts: 127.0.0.1 www.008k.com

    O1 - Hosts: 127.0.0.1 00hq.com

    O1 - Hosts: 127.0.0.1 www.00hq.com

    O1 - Hosts: 127.0.0.1 010402.com

    O1 - Hosts: 127.0.0.1 032439.com

    O1 - Hosts: 127.0.0.1 www.032439.com

    O1 - Hosts: 127.0.0.1 1001-search.info

    O1 - Hosts: 127.0.0.1 www.1001-search.info

    O1 - Hosts: 127.0.0.1 www.100888290cs.com

    O1 - Hosts: 127.0.0.1 100888290cs.com

    O1 - Hosts: 127.0.0.1 100sexlinks.com

    O1 - Hosts: 127.0.0.1 www.100sexlinks.com

    O1 - Hosts: 127.0.0.1 www.10sek.com

    O1 - Hosts: 127.0.0.1 10sek.com

    O1 - Hosts: 127.0.0.1 123topsearch.com

    O1 - Hosts: 127.0.0.1 www.123topsearch.com

    O1 - Hosts: 127.0.0.1 www.132.com

    O1 - Hosts: 127.0.0.1 132.com

    O1 - Hosts: 8104 more lines...

    O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()

    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()

    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O4 - HKLM..\Run: [] File not found

    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

    O4 - HKCU..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)

    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

    O4 - Startup: C:\Documents and Settings\Richard\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Richard\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found

    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

    O16 - DPF: {4F4D2E63-0377-4188-8B70-52934FA8A101} http://www.leadstoloans.com/activex/fafile.dll (First American File Control)

    O16 - DPF: {4F4D2E63-0377-4188-8B70-52934FA8A201} http://www.leadstoloans.com/activex/faprint.dll (First American Print Control)

    O16 - DPF: {4F4D2E63-0377-4188-8B70-52934FA8A301} http://www.leadstoloans.com/activex/fagrid.dll (First American Grid Control)

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159818431983 (WUWebControl Class)

    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (System Requirements Lab Class)

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159818421170 (MUWebControl Class)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

    O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)

    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

    O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D182252-A0DB-4D93-8F57-EA9893617957}: DhcpNameServer = 192.168.1.1

    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (C:\WINDOWS\Cursors\lsass.exe) - File not found

    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

    O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

    O24 - Desktop WallPaper: C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2009/06/11 10:43:27 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

    O33 - MountPoints2\{1437abea-50b9-11db-9ab9-e826ec70053c}\Shell - "" = AutoRun

    O33 - MountPoints2\{1437abea-50b9-11db-9ab9-e826ec70053c}\Shell\AutoRun - "" = Auto&Play

    O33 - MountPoints2\{1437abea-50b9-11db-9ab9-e826ec70053c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

    O33 - MountPoints2\{51b3cf53-ec11-11de-a856-0013d36ff7e5}\Shell\AutoRun\command - "" = G:\MI.exe

    O33 - MountPoints2\{a6051972-19b5-11df-a89b-0013d36ff7e5}\Shell\AutoRun\command - "" = slacker.synclauncher.exe

    O33 - MountPoints2\{a6051972-19b5-11df-a89b-0013d36ff7e5}\Shell\slacker\command - "" = slacker.synclauncher.exe

    O34 - HKLM BootExecute: (autocheck autochk *)

    O34 - HKLM BootExecute: (lsdelete)

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = ComFile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*



    [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]



    [2011/12/09 19:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

    [2011/12/09 19:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

    [2011/12/09 17:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\adawaretb

    [2011/12/09 17:23:14 | 000,302,080 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Richard\Local Settings\Application Data\ptw.exe

    [2011/11/30 23:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\adaware

    [2011/11/30 23:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection

    [2011/11/30 23:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner

    [2011/11/30 23:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\adawaretb

    [2011/11/30 23:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb

    [2011/11/29 09:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\My Documents\Adobe Scripts

    [2011/11/28 20:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\usrMainPlay

    [2007/11/10 23:30:24 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Richard\Application Data\pcouffin.sys

    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]



    [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]



    [2011/12/11 16:22:09 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

    [2011/12/11 16:22:02 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2011/12/11 16:21:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

    [2011/12/11 16:20:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2011/12/11 16:08:56 | 000,000,139 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\rk-proxy.reg

    [2011/12/11 16:02:16 | 001,008,120 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\iExplore.exe

    [2011/12/11 15:47:56 | 000,001,205 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\FixNCR.reg

    [2011/12/11 15:47:52 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At31.job

    [2011/12/11 15:46:26 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At32.job

    [2011/12/11 15:43:05 | 000,014,316 | -HS- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\ywrueq5u4qhe1dyx0coe5q142c6o

    [2011/12/11 15:43:05 | 000,014,316 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ywrueq5u4qhe1dyx0coe5q142c6o

    [2011/12/11 14:46:32 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At30.job

    [2011/12/11 14:46:27 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At29.job

    [2011/12/11 13:47:48 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At28.job

    [2011/12/11 13:47:34 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At27.job

    [2011/12/11 12:47:31 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At26.job

    [2011/12/11 12:46:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At25.job

    [2011/12/11 11:46:31 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

    [2011/12/11 11:46:29 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

    [2011/12/11 10:46:42 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

    [2011/12/11 10:46:35 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

    [2011/12/11 10:02:44 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

    [2011/12/11 10:00:42 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

    [2011/12/10 23:46:41 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At48.job

    [2011/12/10 23:46:35 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At47.job

    [2011/12/10 22:46:31 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At46.job

    [2011/12/10 22:46:25 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At45.job

    [2011/12/10 21:46:41 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At44.job

    [2011/12/10 21:46:36 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At43.job

    [2011/12/10 20:46:46 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At42.job

    [2011/12/10 20:46:35 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At41.job

    [2011/12/10 19:46:41 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At39.job

    [2011/12/10 19:46:25 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At40.job

    [2011/12/10 18:46:41 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At37.job

    [2011/12/10 18:46:35 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At38.job

    [2011/12/10 18:20:19 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At35.job

    [2011/12/10 18:18:19 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At36.job

    [2011/12/10 16:52:25 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At34.job

    [2011/12/10 16:46:25 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At33.job

    [2011/12/09 18:47:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\gbreeJ.com.b

    [2011/12/09 18:47:46 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1L4652v.dat

    [2011/12/09 18:47:45 | 000,079,872 | ---- | M] () -- C:\WINDOWS\System32\gbreeJ.com_

    [2011/12/09 17:43:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\2oDh5GCX.exe.b

    [2011/12/09 17:43:51 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\2oDh5GCX.exe

    [2011/12/09 17:36:54 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

    [2011/12/09 17:23:14 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Richard\Local Settings\Application Data\ptw.exe

    [2011/12/09 13:24:38 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat

    [2011/12/09 13:24:38 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat

    [2011/12/02 13:27:31 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

    [2011/11/30 23:00:24 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

    [2011/11/30 08:22:13 | 002,848,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [2011/11/23 13:00:52 | 000,156,672 | ---- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2011/11/18 14:33:14 | 000,000,189 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\hordersRus (E).lnk

    [2011/11/16 11:41:54 | 001,765,063 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\lab-school-cookiedrop.psd

    [2011/11/16 10:14:02 | 000,042,997 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\parachute-icon.png

    [2011/11/16 08:03:48 | 000,466,782 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

    [2011/11/16 08:03:47 | 000,081,574 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]



    [color=#E56717]========== Files Created - No Company Name ==========[/color]



    [2011/12/11 16:08:56 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\rk-proxy.reg

    [2011/12/11 16:02:14 | 001,008,120 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\iExplore.exe

    [2011/12/11 15:59:41 | 000,001,205 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\FixNCR.reg

    [2011/12/09 18:47:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\gbreeJ.com.b

    [2011/12/09 17:43:52 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2oDh5GCX.exe

    [2011/12/09 17:43:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2oDh5GCX.exe.b

    [2011/12/09 17:36:54 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\gbreeJ.com_

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At8.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At6.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At48.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At46.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At44.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At42.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At40.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At4.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At38.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At36.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At34.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At32.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At30.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At28.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At26.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At24.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At22.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At20.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At2.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At18.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At16.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At14.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At12.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At10.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At9.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At7.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At5.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At47.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At45.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At43.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At41.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At39.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At37.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At35.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At33.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At31.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At3.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At29.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At27.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At25.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At23.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At21.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At19.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At17.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At15.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At13.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At11.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At1.job

    [2011/12/09 17:36:54 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1L4652v.dat

    [2011/12/09 17:23:16 | 000,014,316 | -HS- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\ywrueq5u4qhe1dyx0coe5q142c6o

    [2011/12/09 17:23:16 | 000,014,316 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ywrueq5u4qhe1dyx0coe5q142c6o

    [2011/12/01 07:26:06 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

    [2011/11/18 14:32:51 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\hordersRus (E).lnk

    [2011/11/16 11:41:50 | 001,765,063 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\lab-school-cookiedrop.psd

    [2011/11/16 10:14:01 | 000,042,997 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\parachute-icon.png

    [2011/05/27 11:06:06 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat

    [2011/05/27 11:06:06 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat

    [2010/10/21 20:49:22 | 000,207,982 | ---- | C] () -- C:\WINDOWS\hpoins43.dat

    [2010/10/21 20:49:22 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat

    [2010/08/23 13:51:19 | 000,000,027 | ---- | C] () -- C:\WINDOWS\phpdev.ini

    [2010/08/05 09:57:49 | 000,134,272 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

    [2010/03/22 11:25:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

    [2009/10/08 07:52:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

    [2009/07/27 14:35:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

    [2009/04/30 15:08:59 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin

    [2009/04/24 13:27:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Font Book

    [2009/03/12 18:56:25 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\winscp.rnd

    [2008/11/12 19:55:08 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\vso_ts_preview.xml

    [2008/10/09 15:25:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

    [2008/10/09 11:27:00 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI

    [2008/08/30 08:29:49 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT

    [2008/08/30 08:29:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\Galaxy Swirl

    [2008/05/20 23:05:59 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll

    [2008/04/04 10:05:12 | 000,021,312 | ---- | C] () -- C:\WINDOWS\choice.exe

    [2008/01/06 14:13:49 | 000,000,054 | ---- | C] () -- C:\WINDOWS\winpoint.ini

    [2007/11/10 23:30:24 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\pcouffin.cat

    [2007/11/10 23:30:24 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\pcouffin.inf

    [2007/11/09 21:48:20 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll

    [2007/04/30 13:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CPC10Q.INI

    [2007/04/28 07:23:41 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

    [2007/04/17 14:28:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI

    [2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL

    [2006/11/26 16:40:52 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

    [2006/11/17 23:35:53 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\hndlt.ini

    [2006/11/17 23:34:41 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\windll.ini

    [2006/11/08 19:59:54 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini

    [2006/10/09 11:00:34 | 000,156,672 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2006/10/04 11:35:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

    [2006/10/02 19:50:46 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

    [2006/10/02 19:33:26 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini

    [2006/10/02 15:29:01 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

    [2006/10/02 14:32:15 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini

    [2006/10/02 09:56:30 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\FASTWiz.html

    [2006/09/30 14:26:44 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini

    [2006/09/29 19:10:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

    [2006/07/18 13:31:20 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\fusioncache.dat

    [2006/07/12 15:26:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

    [2006/07/12 15:20:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

    [2006/07/12 07:41:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

    [2006/07/12 07:40:05 | 002,848,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [2005/01/27 01:33:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\o2flash.exe

    [2005/01/20 21:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll

    [2003/09/16 10:52:28 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

    [2003/09/16 10:43:31 | 000,884,736 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

    [2003/09/16 10:41:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    [2001/08/18 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

    [2001/08/18 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

    [2001/08/18 07:00:00 | 000,466,782 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

    [2001/08/18 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

    [2001/08/18 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

    [2001/08/18 07:00:00 | 000,081,574 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

    [2001/08/18 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

    [2001/08/18 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

    [2001/08/18 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

    [2001/08/18 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

    [2001/08/18 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat



    [color=#E56717]========== LOP Check ==========[/color]



    [2011/12/11 16:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection

    [2007/11/09 21:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

    [2008/08/30 08:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

    [2008/04/05 08:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jes-Soft

    [2007/01/26 15:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir

    [2008/06/15 09:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS

    [2009/07/17 17:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

    [2010/01/02 13:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

    [2008/08/30 08:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

    [2010/06/15 08:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

    [2007/11/11 07:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

    [2009/06/01 10:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

    [2011/02/05 11:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

    [2008/03/24 16:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\acccore

    [2011/12/09 19:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\adawaretb

    [2008/01/06 12:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Aim

    [2011/03/22 08:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Amazon

    [2010/03/08 09:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Azureus

    [2009/05/17 10:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Blackberry Desktop

    [2010/09/23 10:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\com.adobe.ExMan

    [2010/11/16 16:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1

    [2007/07/18 16:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\CTS

    [2011/12/11 16:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Dropbox

    [2009/03/12 18:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\FileZilla

    [2010/05/09 12:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\foobar2000

    [2007/03/12 15:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Investintech

    [2007/06/24 09:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Leadertech

    [2008/08/30 08:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Nikon

    [2008/04/02 20:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\OfficeUpdate12

    [2009/05/20 07:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Research In Motion

    [2010/05/28 11:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Subversion

    [2007/01/18 12:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Viewpoint

    [2011/10/06 18:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Vso

    [2011/12/11 16:22:09 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job

    [2011/12/11 10:00:42 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

    [2011/12/11 10:02:44 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job

    [2011/12/11 10:46:35 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job

    [2011/12/11 10:46:42 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job

    [2011/12/11 11:46:31 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job

    [2011/12/11 11:46:29 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job

    [2011/12/11 12:46:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job

    [2011/12/11 12:47:31 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job

    [2011/12/11 13:47:34 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job

    [2011/12/11 13:47:48 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job

    [2011/12/11 14:46:27 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job

    [2011/12/11 14:46:32 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job

    [2011/12/11 15:47:52 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job

    [2011/12/11 15:46:26 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job

    [2011/12/10 16:46:25 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job

    [2011/12/10 16:52:25 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job

    [2011/12/10 18:20:19 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job

    [2011/12/10 18:18:19 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job

    [2011/12/10 18:46:41 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job

    [2011/12/10 18:46:35 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job

    [2011/12/10 19:46:41 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

    [2011/12/10 19:46:25 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job

    [2011/12/10 20:46:35 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job

    [2011/12/10 20:46:46 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job

    [2011/12/10 21:46:36 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job

    [2011/12/10 21:46:41 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job

    [2011/12/10 22:46:25 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job

    [2011/12/10 22:46:31 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job

    [2011/12/10 23:46:35 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job

    [2011/12/10 23:46:41 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job

    [2011/12/09 17:36:54 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job

    [2011/12/09 17:36:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job



    [color=#E56717]========== Purity Check ==========[/color]







    [color=#E56717]========== Alternate Data Streams ==========[/color]



    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B835CF2D



    < End of report >
    0
  • Support
    You are welcome :)



    Please, follow the instructions on http://www.bleepingcomputer.com/combofix/how-to-use-combofix for installing and running ComboFix.



    Read carefully and note the "Disclaimer of warranty"!



    Paste the content of the log into your answer.
    0
  • Support
    I'm sorry to hear that you lost the wireless connection. Please, run the downloaded version of RKill five times, in case it is the malware that interacts.



    Can you move the ComboFix log to a computer with a working internet connection? Or even better, if you can zip the C:\Qoobox folder, move that to another computer and upload it here. The log, and even more the folder, will show what ComboFix did.



    Is it possible for you to use an Ethernet cable instead of the wireless connection?

    Can you reinstall the driver for the wireless network card?



    Please, check if the connection is working better if you restart the computer in "safe mode with network".
    0
  • Customer
    Cecilia - I ran ComboFix as directed; however, now my wireless internet connection has limited or no connectivity. I have restarted several times and tried to repair/re-establish the connection with no luck. It seems that this arose from the run of ComboFix. Please help. Thanks!
    0
  • Customer
    Here is the attachment!
    0
  • Customer
    Cecilia - Here is the Qoobox file compressed as a rar file. I have yet to get the laptop online, however I will spend some time this evening to re-install the drivers. Thanks!
    0
  • Customer
    Cecilia - I don't know if I have any network settings that are not default. My system should be pretty standard....Verizon Fios wireless router with a network key (yes I have updated the network key on the machine with issues to make sure ComboFix didn't somehow change the saved key). I've completed your instructions for re-establishing the connection, but I am still not able to get on the internet. Also, I cannot upload the files to www.virustotal.com until I can get the internet issue resolved. Thanks!
    0
  • Support
    Do you know if you have any network settings that are not common/default?



    Start 'Command Prompt' (Start - All programs - Accessories) and enter the following commands:



    ipconfig /release

    ipconfig /renew

    ipconfig /flushdns

    netsh winsock reset all

    netsh int ip reset all



    Restart the computer and then check the internet connection. If still no connection continue with the rest.



    We try to restore those parts of what ComboFix removed that have to do with network connections.

    Please, go to C:\Qoobox\Quarantine\Registry_backups



    Rename this file:

    AddRemove-D3EF3AED75646A3F17097FE6095D2DA7936A766A.reg.dat

    to:

    AddRemove-D3EF3AED75646A3F17097FE6095D2DA7936A766A.reg

    Double-click the file and let Windows merge it into the registry.



    Double-click this file:

    C:\Qoobox\Quarantine\Registry_backups\tcpip.reg.dat

    and let Windows merge it into the registry.



    Restart the computer and then check the internet connection.



    If that isn't enough I will let you restore more.



    Please, upload these files, one by one, to http://www.virustotal.com/ using the "Upload a file" function and post back the links to the scan reports:

    c:\windows\system32\gbreeJ.com

    c:\windows\system32\gbreeJ.com_
    0
  • Customer
    Laptop is back online.....here is the file requested.
    0
  • Support
    What did you do to get the internet connection working between post #1 and #2 in this topic?



    Then you have to restore everything that ComboFix changed, even the malicious files and settings.



    Run Rkill 5 times.



    Copy all lines in the box:

    [code]

    Killall::

    DeQuarantine::

    C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB45303$\_1179978550_.zip

    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\2oDh5GCX.exe.vir

    C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB45303$\390768573\lsflt7.ver.vir

    C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB45303$\390768573\keywords.vir

    C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB45303$\390768573\kwrd.dll.vir

    C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB45303$\390768573\bckfg.tmp.vir

    C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB45303$\390768573\@.vir

    C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB45303$\390768573\cfg.ini.vir

    C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB45303$\390768573\L\akygdmgo.vir

    C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB45303$\390768573\Desktop.ini.vir

    C:\Qoobox\Quarantine\C\Documents and Settings\Richard\Local Settings\Application Data\ptw.exe.vir

    C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB45303$\390768573\U\00000001.@.vir

    C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB45303$\390768573\U\80000032.@.vir

    C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB45303$\390768573\U\00000002.@.vir

    C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB45303$\390768573\U\80000004.@.vir

    C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB45303$\390768573\U\00000004.@.vir

    C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB45303$\390768573\U\80000000.@.vir

    C:\Qoobox\Quarantine\C\Documents and Settings\Richard\Application Data\vso_ts_preview.xml.vir

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\etc\hosts.txt.vir

    C:\Qoobox\Quarantine\C\WINDOWS\dasetup.log.vir

    C:\Qoobox\Quarantine\C\WINDOWS\tsoc.log.vir

    Quit::

    [/code]

    and paste into Notepad.

    Save the file on the desktop with the name CFScript.



    Prepare the computer according to the instructions for running ComboFix.

    Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, the program will start in a special way.



    Please, go to C:\Qoobox\Quarantine\Registry_backups.

    Remove the extension ".dat" from all the files by renaming them.

    Double-click each file (including the two you already have merged) and let Windows merge it into the registry.



    Restart the computer.

    Run RKill 5 times.

    Post the contents of c:\DeQuarantine.txt log.
    0
  • Support
    Run RKill 5 times whenever you restart the computer.



    1.

    Please, upload these files, one by one, to http://www.virustotal.com/ using the "Upload a file" function and post back the links to the scan reports:

    c:\windows\system32\gbreeJ.com

    c:\windows\system32\gbreeJ.com_



    2.

    Go to the folder C:\WINDOWS\tasks and delete all files starting with At and then followed by a number, for example At8.job, At48.job.



    3.

    Save TDSSKiller on the Desktop:

    [url=http://support.kaspersky.com/downloads/utils/tdsskiller.zip]http://support.kaspersky.com/downloads/utils/tdsskiller.zip[/url]



    Right-click and select [b]Extract all[/b]. Remember the location of the extracted file.

    Turn off all programs.

    Run the program TDSSKiller.exe which is the file you extracted.



    Click on [b]Start Scan[/b].



    If any threats are found select [b]Cure[/b] and click [b]Continue[/b]. If [b]Cure[/b] isn't available select [b]Skip[/b]. Do NOT select Quarantine or Delete.

    The computer might need a restart.



    Paste the content of the TDSSKiller log which is located in the folder C:\ with the name TDSSKiller followed by version and time.



    4.

    Restart the computer.

    Please, let aswMBR scan the computer, see http://public.avast.com/~gmerek/aswMBR.htm



    Follow only the first section, "How to scan", and don't try to fix anything. Post its log and tell me which lines (if any) are red and if it would be possible to click the "Fix" button.
    0
  • Customer
    21:24:41.0578 3588 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31

    21:24:41.0953 3588 ============================================================

    21:24:41.0953 3588 Current date / time: 2011/12/14 21:24:41.0953

    21:24:41.0953 3588 SystemInfo:

    21:24:41.0953 3588

    21:24:41.0953 3588 OS Version: 5.1.2600 ServicePack: 3.0

    21:24:41.0953 3588 Product type: Workstation

    21:24:41.0953 3588 ComputerName: LABTOP

    21:24:41.0953 3588 UserName: Richard

    21:24:41.0953 3588 Windows directory: C:\WINDOWS

    21:24:41.0953 3588 System windows directory: C:\WINDOWS

    21:24:41.0953 3588 Processor architecture: Intel x86

    21:24:41.0953 3588 Number of processors: 1

    21:24:41.0953 3588 Page size: 0x1000

    21:24:41.0953 3588 Boot type: Normal boot

    21:24:41.0953 3588 ============================================================

    21:24:44.0109 3588 Initialize success

    21:24:53.0875 3784 ============================================================

    21:24:53.0875 3784 Scan started

    21:24:53.0875 3784 Mode: Manual;

    21:24:53.0875 3784 ============================================================

    21:24:55.0671 3784 Abiosdsk - ok

    21:24:55.0718 3784 abp480n5 - ok

    21:24:55.0796 3784 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

    21:24:55.0812 3784 ACPI - ok

    21:24:55.0921 3784 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

    21:24:55.0921 3784 ACPIEC - ok

    21:24:56.0015 3784 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys

    21:24:56.0031 3784 adfs - ok

    21:24:56.0140 3784 adpu160m - ok

    21:24:56.0187 3784 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

    21:24:56.0187 3784 aec - ok

    21:24:56.0250 3784 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys

    21:24:56.0265 3784 Afc - ok

    21:24:56.0343 3784 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

    21:24:56.0343 3784 AFD - ok

    21:24:56.0671 3784 AgereSoftModem (9c7b1314d5e1212bd3d654177c06e24d) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

    21:24:56.0718 3784 AgereSoftModem - ok

    21:24:56.0890 3784 AGR1310_51 (6bb51fe523dda91cc4924f98032295a8) C:\WINDOWS\system32\DRIVERS\AGR1310_51.sys

    21:24:56.0890 3784 AGR1310_51 - ok

    21:24:56.0906 3784 Aha154x - ok

    21:24:56.0953 3784 aic78u2 - ok

    21:24:56.0984 3784 aic78xx - ok

    21:24:57.0046 3784 AliIde - ok

    21:24:57.0093 3784 amsint - ok

    21:24:57.0203 3784 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

    21:24:57.0203 3784 Arp1394 - ok

    21:24:57.0234 3784 asc - ok

    21:24:57.0281 3784 asc3350p - ok

    21:24:57.0328 3784 asc3550 - ok

    21:24:57.0421 3784 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys

    21:24:57.0421 3784 ASPI32 - ok

    21:24:57.0484 3784 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

    21:24:57.0484 3784 AsyncMac - ok

    21:24:57.0546 3784 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

    21:24:57.0546 3784 atapi - ok

    21:24:57.0593 3784 Atdisk - ok

    21:24:57.0812 3784 ati2mtag (0c2ca1c294938139829b1983a0c38b31) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

    21:24:57.0859 3784 ati2mtag - ok

    21:24:58.0109 3784 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

    21:24:58.0109 3784 Atmarpc - ok

    21:24:58.0187 3784 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

    21:24:58.0187 3784 audstub - ok

    21:24:58.0296 3784 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

    21:24:58.0296 3784 Beep - ok

    21:24:58.0343 3784 BOCDRIVE - ok

    21:24:58.0421 3784 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys

    21:24:58.0421 3784 Bridge - ok

    21:24:58.0468 3784 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys

    21:24:58.0468 3784 BridgeMP - ok

    21:24:58.0593 3784 catchme - ok

    21:24:58.0781 3784 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

    21:24:58.0781 3784 cbidf2k - ok

    21:24:58.0796 3784 cd20xrnt - ok

    21:24:58.0859 3784 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

    21:24:58.0859 3784 Cdaudio - ok

    21:24:58.0937 3784 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

    21:24:58.0937 3784 Cdfs - ok

    21:24:59.0000 3784 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

    21:24:59.0000 3784 Cdrom - ok

    21:24:59.0031 3784 Changer - ok

    21:24:59.0093 3784 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

    21:24:59.0093 3784 CmBatt - ok

    21:24:59.0250 3784 CmdIde - ok

    21:24:59.0281 3784 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

    21:24:59.0296 3784 Compbatt - ok

    21:24:59.0328 3784 Cpqarray - ok

    21:24:59.0375 3784 dac2w2k - ok

    21:24:59.0406 3784 dac960nt - ok

    21:24:59.0453 3784 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

    21:24:59.0453 3784 Disk - ok

    21:24:59.0578 3784 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

    21:24:59.0593 3784 dmboot - ok

    21:24:59.0781 3784 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

    21:24:59.0781 3784 dmio - ok

    21:24:59.0843 3784 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

    21:24:59.0843 3784 dmload - ok

    21:24:59.0968 3784 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

    21:24:59.0968 3784 DMusic - ok

    21:25:00.0000 3784 dpti2o - ok

    21:25:00.0078 3784 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

    21:25:00.0078 3784 drmkaud - ok

    21:25:00.0156 3784 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

    21:25:00.0156 3784 Fastfat - ok

    21:25:00.0187 3784 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

    21:25:00.0203 3784 Fdc - ok

    21:25:00.0234 3784 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

    21:25:00.0234 3784 Fips - ok

    21:25:00.0421 3784 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

    21:25:00.0421 3784 Flpydisk - ok

    21:25:00.0453 3784 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

    21:25:00.0453 3784 FltMgr - ok

    21:25:00.0546 3784 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

    21:25:00.0546 3784 Fs_Rec - ok

    21:25:00.0578 3784 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

    21:25:00.0593 3784 Ftdisk - ok

    21:25:00.0656 3784 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

    21:25:00.0656 3784 GEARAspiWDM - ok

    21:25:00.0703 3784 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

    21:25:00.0703 3784 Gpc - ok

    21:25:00.0750 3784 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

    21:25:00.0750 3784 HDAudBus - ok

    21:25:00.0796 3784 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

    21:25:00.0812 3784 HidUsb - ok

    21:25:00.0843 3784 hpn - ok

    21:25:01.0031 3784 hpt3xx - ok

    21:25:01.0109 3784 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

    21:25:01.0125 3784 HTTP - ok

    21:25:01.0156 3784 i2omgmt - ok

    21:25:01.0171 3784 i2omp - ok

    21:25:01.0218 3784 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

    21:25:01.0218 3784 i8042prt - ok

    21:25:01.0265 3784 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

    21:25:01.0265 3784 Imapi - ok

    21:25:01.0312 3784 ini910u - ok

    21:25:01.0625 3784 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys

    21:25:01.0875 3784 IntcAzAudAddService - ok

    21:25:02.0015 3784 IntelIde - ok

    21:25:02.0078 3784 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

    21:25:02.0078 3784 ip6fw - ok

    21:25:02.0156 3784 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

    21:25:02.0156 3784 IpFilterDriver - ok

    21:25:02.0203 3784 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

    21:25:02.0218 3784 IpInIp - ok

    21:25:02.0265 3784 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

    21:25:02.0265 3784 IpNat - ok

    21:25:02.0390 3784 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

    21:25:02.0390 3784 IPSec - ok

    21:25:02.0437 3784 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

    21:25:02.0437 3784 IRENUM - ok

    21:25:02.0593 3784 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

    21:25:02.0593 3784 isapnp - ok

    21:25:02.0656 3784 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

    21:25:02.0656 3784 Kbdclass - ok

    21:25:02.0703 3784 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

    21:25:02.0703 3784 kbdhid - ok

    21:25:02.0750 3784 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

    21:25:02.0750 3784 kmixer - ok

    21:25:02.0828 3784 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

    21:25:02.0828 3784 KSecDD - ok

    21:25:02.0890 3784 Ktp3 (ce585b27af145d7a5067526eb1ef4a7a) C:\WINDOWS\system32\DRIVERS\Ktp3.sys

    21:25:02.0890 3784 Ktp3 - ok

    21:25:03.0078 3784 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys

    21:25:03.0078 3784 Lavasoft Kernexplorer - ok

    21:25:03.0281 3784 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys

    21:25:03.0296 3784 Lbd - ok

    21:25:03.0312 3784 lbrtfdc - ok

    21:25:03.0421 3784 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

    21:25:03.0421 3784 mnmdd - ok

    21:25:03.0468 3784 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

    21:25:03.0484 3784 Modem - ok

    21:25:03.0515 3784 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

    21:25:03.0515 3784 Mouclass - ok

    21:25:03.0609 3784 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

    21:25:03.0609 3784 mouhid - ok

    21:25:03.0656 3784 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

    21:25:03.0656 3784 MountMgr - ok

    21:25:03.0671 3784 mraid35x - ok

    21:25:03.0765 3784 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

    21:25:03.0828 3784 MRxDAV - ok

    21:25:04.0156 3784 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

    21:25:04.0171 3784 MRxSmb - ok

    21:25:04.0265 3784 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

    21:25:04.0265 3784 Msfs - ok

    21:25:04.0312 3784 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

    21:25:04.0312 3784 MSKSSRV - ok

    21:25:04.0343 3784 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

    21:25:04.0343 3784 MSPCLOCK - ok

    21:25:04.0375 3784 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

    21:25:04.0375 3784 MSPQM - ok

    21:25:04.0421 3784 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

    21:25:04.0421 3784 mssmbios - ok

    21:25:04.0609 3784 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

    21:25:04.0609 3784 Mup - ok

    21:25:04.0671 3784 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

    21:25:04.0671 3784 NDIS - ok

    21:25:04.0734 3784 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

    21:25:04.0734 3784 NdisTapi - ok

    21:25:04.0765 3784 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

    21:25:04.0765 3784 Ndisuio - ok

    21:25:04.0843 3784 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

    21:25:04.0875 3784 NdisWan - ok

    21:25:04.0953 3784 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

    21:25:04.0953 3784 NDProxy - ok

    21:25:05.0000 3784 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

    21:25:05.0000 3784 NetBIOS - ok

    21:25:05.0171 3784 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

    21:25:05.0171 3784 NetBT - ok

    21:25:05.0265 3784 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

    21:25:05.0281 3784 NIC1394 - ok

    21:25:05.0359 3784 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

    21:25:05.0359 3784 Npfs - ok

    21:25:05.0437 3784 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

    21:25:05.0437 3784 Ntfs - ok

    21:25:05.0625 3784 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

    21:25:05.0625 3784 Null - ok

    21:25:05.0656 3784 nvport - ok

    21:25:05.0703 3784 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

    21:25:05.0703 3784 NwlnkFlt - ok

    21:25:05.0750 3784 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

    21:25:05.0750 3784 NwlnkFwd - ok

    21:25:05.0781 3784 O2MDRDR (9be9afaf92f5f46d109694bbe33c3bda) C:\WINDOWS\system32\DRIVERS\o2media.sys

    21:25:05.0796 3784 O2MDRDR - ok

    21:25:05.0812 3784 O2SDRDR (12a6d826a1a27818170552f2495a567a) C:\WINDOWS\system32\DRIVERS\o2sd.sys

    21:25:05.0812 3784 O2SDRDR - ok

    21:25:05.0890 3784 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

    21:25:05.0906 3784 ohci1394 - ok

    21:25:05.0968 3784 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

    21:25:05.0968 3784 Parport - ok

    21:25:06.0000 3784 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

    21:25:06.0000 3784 PartMgr - ok

    21:25:06.0046 3784 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

    21:25:06.0046 3784 ParVdm - ok

    21:25:06.0156 3784 pbfilter (65fb0c4aa30d84849e0e4c97cb5501ce) C:\Program Files\PeerBlock\pbfilter.sys

    21:25:06.0171 3784 pbfilter - ok

    21:25:06.0406 3784 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

    21:25:06.0406 3784 PCI - ok

    21:25:06.0437 3784 PCIDump - ok

    21:25:06.0515 3784 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

    21:25:06.0515 3784 PCIIde - ok

    21:25:06.0593 3784 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

    21:25:06.0593 3784 Pcmcia - ok

    21:25:06.0656 3784 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys

    21:25:06.0671 3784 Pcouffin - ok

    21:25:06.0687 3784 PDCOMP - ok

    21:25:06.0718 3784 PDFRAME - ok

    21:25:06.0734 3784 PDRELI - ok

    21:25:06.0765 3784 PDRFRAME - ok

    21:25:06.0781 3784 perc2 - ok

    21:25:06.0812 3784 perc2hib - ok

    21:25:06.0937 3784 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys

    21:25:06.0937 3784 pfc - ok

    21:25:07.0125 3784 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

    21:25:07.0125 3784 PptpMiniport - ok

    21:25:07.0156 3784 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

    21:25:07.0156 3784 Processor - ok

    21:25:07.0203 3784 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

    21:25:07.0203 3784 PSched - ok

    21:25:07.0281 3784 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys

    21:25:07.0281 3784 PSI - ok

    21:25:07.0359 3784 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

    21:25:07.0359 3784 Ptilink - ok

    21:25:07.0437 3784 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

    21:25:07.0437 3784 PxHelp20 - ok

    21:25:07.0468 3784 ql1080 - ok

    21:25:07.0515 3784 Ql10wnt - ok

    21:25:07.0546 3784 ql12160 - ok

    21:25:07.0578 3784 ql1240 - ok

    21:25:07.0593 3784 ql1280 - ok

    21:25:07.0625 3784 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

    21:25:07.0625 3784 RasAcd - ok

    21:25:07.0703 3784 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

    21:25:07.0703 3784 Rasl2tp - ok

    21:25:07.0890 3784 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

    21:25:07.0890 3784 RasPppoe - ok

    21:25:07.0921 3784 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

    21:25:07.0921 3784 Raspti - ok

    21:25:07.0984 3784 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

    21:25:07.0984 3784 Rdbss - ok

    21:25:08.0015 3784 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

    21:25:08.0015 3784 RDPCDD - ok

    21:25:08.0093 3784 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

    21:25:08.0093 3784 RDPWD - ok

    21:25:08.0156 3784 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

    21:25:08.0156 3784 redbook - ok

    21:25:08.0250 3784 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys

    21:25:08.0250 3784 RimUsb - ok

    21:25:08.0281 3784 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

    21:25:08.0296 3784 RimVSerPort - ok

    21:25:08.0359 3784 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

    21:25:08.0359 3784 ROOTMODEM - ok

    21:25:08.0687 3784 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys

    21:25:08.0703 3784 RT61 - ok

    21:25:08.0796 3784 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

    21:25:08.0812 3784 Secdrv - ok

    21:25:08.0906 3784 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

    21:25:08.0906 3784 Serial - ok

    21:25:09.0093 3784 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

    21:25:09.0093 3784 Sfloppy - ok

    21:25:09.0125 3784 Simbad - ok

    21:25:09.0187 3784 Sparrow - ok

    21:25:09.0218 3784 spcstb - ok

    21:25:09.0250 3784 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

    21:25:09.0250 3784 splitter - ok

    21:25:09.0312 3784 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

    21:25:09.0312 3784 sr - ok

    21:25:09.0406 3784 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

    21:25:09.0421 3784 Srv - ok

    21:25:09.0546 3784 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

    21:25:09.0546 3784 StillCam - ok

    21:25:09.0625 3784 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

    21:25:09.0625 3784 swenum - ok

    21:25:09.0781 3784 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

    21:25:09.0796 3784 swmidi - ok

    21:25:09.0828 3784 symc810 - ok

    21:25:09.0843 3784 symc8xx - ok

    21:25:09.0875 3784 sym_hi - ok

    21:25:09.0906 3784 sym_u3 - ok

    21:25:09.0953 3784 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

    21:25:09.0953 3784 sysaudio - ok

    21:25:10.0062 3784 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

    21:25:10.0062 3784 Tcpip - ok

    21:25:10.0187 3784 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

    21:25:10.0187 3784 TDPIPE - ok

    21:25:10.0312 3784 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

    21:25:10.0312 3784 TDTCP - ok

    21:25:10.0359 3784 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

    21:25:10.0359 3784 TermDD - ok

    21:25:10.0406 3784 TosIde - ok

    21:25:10.0453 3784 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

    21:25:10.0468 3784 Udfs - ok

    21:25:10.0484 3784 ultra - ok

    21:25:10.0546 3784 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

    21:25:10.0546 3784 Update - ok

    21:25:10.0671 3784 USBAAPL - ok

    21:25:10.0750 3784 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

    21:25:10.0750 3784 usbccgp - ok

    21:25:10.0796 3784 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

    21:25:10.0796 3784 usbehci - ok

    21:25:10.0890 3784 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

    21:25:10.0906 3784 usbhub - ok

    21:25:10.0953 3784 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

    21:25:10.0953 3784 usbohci - ok

    21:25:11.0046 3784 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

    21:25:11.0046 3784 usbprint - ok

    21:25:11.0093 3784 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

    21:25:11.0093 3784 usbscan - ok

    21:25:11.0140 3784 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

    21:25:11.0140 3784 USBSTOR - ok

    21:25:11.0296 3784 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

    21:25:11.0296 3784 VgaSave - ok

    21:25:11.0312 3784 ViaIde - ok

    21:25:11.0359 3784 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

    21:25:11.0359 3784 VolSnap - ok

    21:25:11.0500 3784 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

    21:25:11.0500 3784 Wanarp - ok

    21:25:11.0515 3784 wanatw - ok

    21:25:11.0546 3784 WDICA - ok

    21:25:11.0578 3784 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

    21:25:11.0578 3784 wdmaud - ok

    21:25:11.0734 3784 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

    21:25:11.0750 3784 WpdUsb - ok

    21:25:11.0890 3784 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

    21:25:11.0890 3784 WudfPf - ok

    21:25:11.0968 3784 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

    21:25:12.0171 3784 \Device\Harddisk0\DR0 - ok

    21:25:12.0171 3784 Boot (0x1200) (df96755a8cc4b9afd666e4e35f64261c) \Device\Harddisk0\DR0\Partition0

    21:25:12.0171 3784 \Device\Harddisk0\DR0\Partition0 - ok

    21:25:12.0187 3784 ============================================================

    21:25:12.0187 3784 Scan finished

    21:25:12.0187 3784 ============================================================

    21:25:12.0203 3392 Detected object count: 0

    21:25:12.0203 3392 Actual detected object count: 0

    21:25:38.0453 3576 Deinitialize success
    0
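    As an added example, not code from this thread, from Kaspersky or from any of the tools mentioned: a small Python parser for the TDSSKiller log format pasted above. It pairs each driver's hash/path line with its verdict line (matching the MBR and boot-sector entries by device path, since their verdict lines name the device rather than the entry), lists everything that did not come back "ok", and builds the (md5, path) inventory a responder would feed to a hash-reputation lookup such as the VirusTotal check the support reply asks for. The sample log is constructed from lines on this page plus two hypothetical "badsvc" lines whose hash, path and "suspicious" status are invented to exercise the non-ok path; they are not TDSSKiller's real wording.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample modelled on the TDSSKiller 2.6.x log pasted above.  The two
# "badsvc" lines are hypothetical: the hash, path and the word "suspicious" are
# made up here to exercise the non-"ok" path and are NOT TDSSKiller's real wording.
SAMPLE_LOG = """\
21:24:41.0578 3588 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
21:24:53.0875 3784 Scan started
21:24:55.0671 3784 Abiosdsk - ok
21:24:55.0796 3784 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
21:24:55.0812 3784 ACPI - ok
21:25:03.0078 3784 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\\Program Files\\Lavasoft\\Ad-Aware\\KernExplorer.sys
21:25:03.0078 3784 Lavasoft Kernexplorer - ok
21:25:09.0300 3784 badsvc (00000000000000000000000000000000) C:\\WINDOWS\\system32\\DRIVERS\\badsvc.sys
21:25:09.0310 3784 badsvc - suspicious
21:25:11.0968 3784 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \\Device\\Harddisk0\\DR0
21:25:12.0171 3784 \\Device\\Harddisk0\\DR0 - ok
21:25:12.0187 3784 Scan finished
21:25:12.0203 3392 Detected object count: 1
"""

# "HH:MM:SS.mmmm <thread id> <body>" -- the prefix every TDSSKiller line carries.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.*)$")
# "<name> (<32 hex md5>) <path>" -- an object that exists on disk.
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name or device path> - <verdict>" -- the verdict line that follows.
STATUS_RE = re.compile(r"^(?P<subject>.+?) - (?P<status>.+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None for services registered without a file
    path: Optional[str] = None
    status: Optional[str] = None   # None if no verdict line was seen


@dataclass
class Report:
    entries: Dict[str, Entry] = field(default_factory=dict)
    detected_count: Optional[int] = None


def parse_tdsskiller(text: str) -> Report:
    """Build a name -> Entry map from a TDSSKiller log, joining file and verdict lines."""
    report = Report()
    by_path: Dict[str, Entry] = {}   # lets "\Device\Harddisk0\DR0 - ok" reach the MBR entry
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        c = COUNT_RE.match(body)
        if c:
            report.detected_count = int(c.group("n"))
            continue
        f = FILE_RE.match(body)
        if f:
            e = report.entries.setdefault(f.group("name"), Entry(f.group("name")))
            e.md5, e.path = f.group("md5").lower(), f.group("path")
            by_path[e.path] = e
            continue
        s = STATUS_RE.match(body)
        if s:
            subject = s.group("subject")
            e = by_path.get(subject) or report.entries.setdefault(subject, Entry(subject))
            e.status = s.group("status")
    return report


def flagged(report: Report) -> List[Entry]:
    """Entries whose verdict is anything other than 'ok', including a file line with no verdict at all."""
    return [e for e in report.entries.values() if e.status != "ok"]


def hash_inventory(report: Report) -> List[Tuple[str, str]]:
    """Sorted (md5, path) pairs for every on-disk object, ready for a hash-reputation lookup."""
    return sorted((e.md5, e.path) for e in report.entries.values() if e.md5)


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print("detected objects:", rep.detected_count)
    for e in flagged(rep):
        print("REVIEW:", e.name, e.status, e.path)
    for md5, path in hash_inventory(rep):
        print(md5, path)
```

    Run against the real log above, flagged() comes back empty and detected_count is 0, which is what the support reply summarises as "no rootkit at least"; the hash inventory is the part worth keeping, since it lets a responder check every loaded driver against a known-good or reputation list rather than trusting the tool's verdict alone.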
  • Support
    Good, no rootkit at least.



    Does Ad-Aware work?

    In that case, please run a Full scan and let it move all found files to quarantine.



    In any case, run OTL and paste OTL.txt so I have a fresh log before starting to remove files.
    0
  • Customer
    Cecilia B. - Here is the aswMBR results. The fix button was operational but nothing was red. I look forward to your input. Thanks!



    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software

    Run date: 2011-12-14 21:59:16

    -----------------------------

    21:59:16.156 OS Version: Windows 5.1.2600 Service Pack 3

    21:59:16.156 Number of processors: 1 586 0x2C02

    21:59:16.156 ComputerName: LABTOP UserName:

    21:59:16.828 Initialize success

    21:59:42.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

    21:59:42.718 Disk 0 Vendor: HTS421280H9AT00 HA3OA70G Size: 76319MB BusType: 3

    21:59:44.750 Disk 0 MBR read successfully

    21:59:44.750 Disk 0 MBR scan

    21:59:44.750 Disk 0 Windows XP default MBR code

    21:59:44.750 Disk 0 scanning sectors +156296385

    21:59:44.796 Disk 0 scanning C:\WINDOWS\system32\drivers

    21:59:54.281 Service scanning

    21:59:56.296 Modules scanning

    22:00:22.093 Disk 0 trace - called modules:

    22:00:22.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

    22:00:22.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5e6ab8]

    22:00:22.125 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\00000080[0x8a6726c8]

    22:00:22.125 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5ec940]

    22:00:22.453 Scan finished successfully

    22:00:57.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Richard\Desktop\MBR.dat"

    22:00:57.187 The log file has been saved successfully to "C:\Documents and Settings\Richard\Desktop\aswMBR.txt"
    0
  • Support
    Please, create a new system restore point that you can restore from in case your internet connection disappears again.



    Are you familiar with the leadstoloans.com web site?



    Close all programs including antivirus programs and other similar programs. Otherwise they might stop OTL.

    How? See http://www.bleepingcomputer.com/forums/topic114351.html



    Start the program OTL.

    Copy all the lines in the box:

    [code]

    :OTL

    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found

    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)

    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)

    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)

    O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

    [2011/12/13 20:30:13 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Richard\Local Settings\Application Data\ptw.exe

    [2011/12/13 20:29:04 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2oDh5GCX.exe_

    [2011/12/13 20:29:04 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2oDh5GCX.exe

    [2011/12/09 18:47:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\gbreeJ.com.b

    [2011/12/09 17:43:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2oDh5GCX.exe.b

    [2011/12/09 17:36:54 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\gbreeJ.com_

    [2011/12/09 17:36:54 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1L4652v.dat

    [2011/12/09 17:23:16 | 000,014,316 | -HS- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\ywrueq5u4qhe1dyx0coe5q142c6o

    [2011/12/09 17:23:16 | 000,014,316 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ywrueq5u4qhe1dyx0coe5q142c6o

    :Reg

    :Files

    c:\windows\$NtUninstallKB45303$

    :Commands

    [CREATERESTOREPOINT]

    [EMPTYTEMP]

    [REBOOT]

    [/code]

    Paste them into the field Custom Scans/Fixes.

    Click on Run Fix.



    If you are asked to restart the computer do that.



    Notepad will pop up with a log. Copy it and paste it into your answer.

    If it does not pop up, you can find it in the folder c:\_OTL\Moved Files and its name contains the date and time for when OTL was run.



    Be sure that antivirus programs etc. are active before connecting to the internet.



    Please, run OTL in the normal way and paste that log, too.
    0
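    As an added example, not from the thread and not OTL's own code: a Python triage pass over OTL file-list lines of the form [date | size | attrs | C/M] (company) -- path, the format used in the fix script above. It parses each line and reports the properties a responder usually checks before deciding what to move: hidden+system attributes, executables living under a profile's Application Data tree, executables with no recorded publisher, zero-byte executables, and sibling copies of one name that differ only by a trailing "_" or ".b". The sample takes five lines from the list above and adds one constructed benign control line (company "Example Vendor", path C:\Program Files\Example\benign.exe, both invented) that the heuristics should leave alone.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# Five lines from the OTL fix script above plus one constructed benign control
# line (the "Example Vendor" entry is invented and exists only to show a clean result).
SAMPLE_OTL = """\
[2011/12/13 20:30:13 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\\Documents and Settings\\Richard\\Local Settings\\Application Data\\ptw.exe
[2011/12/13 20:29:04 | 000,079,872 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Application Data\\2oDh5GCX.exe
[2011/12/09 18:47:47 | 000,000,000 | ---- | C] () -- C:\\WINDOWS\\System32\\gbreeJ.com.b
[2011/12/09 17:36:54 | 000,079,872 | ---- | C] () -- C:\\WINDOWS\\System32\\gbreeJ.com_
[2011/12/09 17:23:16 | 000,014,316 | -HS- | C] () -- C:\\Documents and Settings\\All Users\\Application Data\\ywrueq5u4qhe1dyx0coe5q142c6o
[2011/12/01 09:00:00 | 000,120,000 | ---- | M] (Example Vendor) -- C:\\Program Files\\Example\\benign.exe
"""

# [timestamp | size | attrs | C/M] (company) -- path
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>\S{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
EXEC_EXTS = {".exe", ".com", ".dll", ".scr", ".pif", ".bat"}


@dataclass
class OtlFile:
    timestamp: str
    size: int
    attrs: str      # OTL attribute column, e.g. "----" or "-HS-"
    kind: str       # OTL's own column: C = created, M = modified
    company: str
    path: str

    @property
    def filename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def canonical_name(self) -> str:
        """Strip the '_' and '.b' suffixes seen on sibling copies so variants group together."""
        name = self.filename
        if name.endswith("_"):
            name = name[:-1]
        if name.endswith(".b"):
            name = name[:-2]
        return name.lower()

    @property
    def extension(self) -> str:
        name = self.canonical_name
        return name[name.rfind("."):] if "." in name else ""


def parse_otl_file_lines(text: str) -> List[OtlFile]:
    """Return every well-formed OTL file line; other lines (O10, O15, :Commands ...) are ignored."""
    files: List[OtlFile] = []
    for raw in text.splitlines():
        m = OTL_FILE_RE.match(raw.strip())
        if not m:
            continue
        files.append(OtlFile(
            timestamp=m.group("ts"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attr"),
            kind=m.group("kind"),
            company=m.group("company").strip(),
            path=m.group("path").strip(),
        ))
    return files


def triage(files: List[OtlFile]) -> Dict[str, List[str]]:
    """Map path -> list of reasons for a closer look; clean files are simply absent."""
    by_name = defaultdict(list)
    for f in files:
        by_name[f.canonical_name].append(f)
    findings: Dict[str, List[str]] = {}
    for f in files:
        reasons: List[str] = []
        if "H" in f.attrs and "S" in f.attrs:
            reasons.append("hidden+system attributes")
        is_exec = f.extension in EXEC_EXTS
        if is_exec and "\\application data\\" in f.path.lower():
            reasons.append("executable under a user-writable profile directory")
        if is_exec and not f.company:
            reasons.append("no publisher recorded")
        if is_exec and f.size == 0:
            reasons.append("zero-byte executable")
        if len(by_name[f.canonical_name]) > 1:
            reasons.append("sibling variants of the same name (_ / .b copies)")
        if reasons:
            findings[f.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_otl_file_lines(SAMPLE_OTL)).items():
        print(path, "->", "; ".join(reasons))
```

    The heuristics are deliberately cheap and explainable: each reason names one observable property, so the output reads as a checklist a second person can verify against the original OTL log rather than a score. Files that pass every check, like the constructed Program Files control line, do not appear at all.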
  • Customer
    OTL logfile created on: 12/17/2011 8:37:43 AM - Run 4

    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Richard\Desktop\Computer Maintenece

    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free

    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free

    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]



    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 69.64 Gb Total Space | 5.96 Gb Free Space | 8.56% Space Free | Partition Type: NTFS

    Drive E: | 1.89 Gb Total Space | 1.88 Gb Free Space | 99.67% Space Free | Partition Type: FAT



    Computer Name: LABTOP | User Name: Richard | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: Current user

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days



    [color=#E56717]========== Processes (SafeList) ==========[/color]



    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)

    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)

    PRC - C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

    PRC - C:\Documents and Settings\Richard\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    PRC - C:\Documents and Settings\Richard\Desktop\Computer Maintenece\OTL.exe (OldTimer Tools)

    PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)

    PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)

    PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

    PRC - C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)

    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    PRC - C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()

    PRC - C:\WINDOWS\system32\o2flash.exe ()





    [color=#E56717]========== Modules (SafeList) ==========[/color]



    MOD - C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll (Lavasoft)

    MOD - C:\Documents and Settings\Richard\Desktop\Computer Maintenece\OTL.exe (OldTimer Tools)

    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)





    [color=#E56717]========== Win32 Services (SafeList) ==========[/color]



    SRV - (Roxio Upnp Server 9) -- File not found

    SRV - (Roxio UPnP Renderer 9) -- File not found

    SRV - (AppMgmt) -- File not found

    SRV - (ACDaemon) -- File not found

    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)

    SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)

    SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)

    SRV - (dev5_ap1) -- C:\phpdev5\apache\Apache.exe ()

    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

    SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)

    SRV - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()

    SRV - (O2Flash) -- C:\WINDOWS\system32\o2flash.exe ()





    [color=#E56717]========== Driver Services (SafeList) ==========[/color]



    DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()

    DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)

    DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()

    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

    DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)

    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

    DRV - (O2MDRDR) -- C:\WINDOWS\System32\DRIVERS\o2media.sys (O2Micro )

    DRV - (O2SDRDR) -- C:\WINDOWS\System32\DRIVERS\o2sd.sys (O2Micro )

    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

    DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)

    DRV - (AGR1310_51) -- C:\WINDOWS\system32\drivers\AGR1310_51.sys (Agere Systems)

    DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

    DRV - (Ktp3) -- C:\WINDOWS\system32\drivers\Ktp3.sys (Elantech Devices Corp.)

    DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)





    [color=#E56717]========== Standard Registry (SafeList) ==========[/color]





    [color=#E56717]========== Internet Explorer ==========[/color]





    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    [color=#E56717]========== FireFox ==========[/color]



    FF - prefs.js..browser.search.selectedEngine: "Search the Web"

    FF - prefs.js..browser.search.update: false

    FF - prefs.js..browser.search.useDBForOrder: true

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

    FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:5.0

    FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106

    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10

    FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

    FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:0.9

    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q="

    FF - prefs.js..network.proxy.no_proxies_on: "*.local"

    FF - prefs.js..network.proxy.type: 1



    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/26 18:19:54 | 000,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/22 08:14:27 | 000,000,000 | ---D | M]



    [2009/04/19 20:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Extensions

    [2011/12/01 17:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions

    [2011/05/04 11:48:31 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}

    [2010/12/28 12:30:28 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}

    [2011/11/30 23:00:34 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

    [2011/05/04 11:48:33 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

    [2011/11/30 23:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    [2010/03/16 09:27:46 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}

    [2011/05/21 07:29:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

    [2008/09/10 00:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll

    [2011/05/21 07:29:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    [2011/10/17 13:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml



    Hosts file not found

    O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()

    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()

    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

    O4 - HKCU..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)

    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

    O4 - Startup: C:\Documents and Settings\Richard\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Richard\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

    O16 - DPF: {4F4D2E63-0377-4188-8B70-52934FA8A101} http://www.leadstoloans.com/activex/fafile.dll (First American File Control)

    O16 - DPF: {4F4D2E63-0377-4188-8B70-52934FA8A201} http://www.leadstoloans.com/activex/faprint.dll (First American Print Control)

    O16 - DPF: {4F4D2E63-0377-4188-8B70-52934FA8A301} http://www.leadstoloans.com/activex/fagrid.dll (First American Grid Control)

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159818431983 (WUWebControl Class)

    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (System Requirements Lab Class)

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159818421170 (MUWebControl Class)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

    O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)

    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

    O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

    O24 - Desktop WallPaper: C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2009/06/11 10:43:27 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*



    [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]



    [2011/12/17 08:24:19 | 000,000,000 | ---D | C] -- C:\_OTL

    [2011/12/14 21:58:09 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Richard\Desktop\aswMBR.exe

    [2011/12/14 18:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth

    [2011/12/13 20:28:23 | 000,000,000 | --SD | C] -- C:\ComboFix

    [2011/12/13 20:25:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER

    [2011/12/11 17:31:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

    [2011/12/11 17:31:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

    [2011/12/11 17:31:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

    [2011/12/11 17:31:17 | 000,000,000 | ---D | C] -- C:\Qoobox

    [2011/12/11 17:30:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Richard\Start Menu\Programs\Administrative Tools

    [2011/12/11 17:29:15 | 004,337,036 | R--- | C] (Swearware) -- C:\Documents and Settings\Richard\Desktop\ComboFix.exe

    [2011/12/09 19:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

    [2011/12/09 19:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

    [2011/12/09 17:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\adawaretb

    [2011/11/30 23:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\adaware

    [2011/11/30 23:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection

    [2011/11/30 23:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner

    [2011/11/30 23:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\adawaretb

    [2011/11/30 23:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb

    [2011/11/29 09:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\My Documents\Adobe Scripts

    [2011/11/28 20:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\usrMainPlay

    [2007/11/10 23:30:24 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Richard\Application Data\pcouffin.sys



    [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]



    [2011/12/17 08:28:42 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2011/12/17 08:28:25 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

    [2011/12/17 08:27:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2011/12/16 13:25:23 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat

    [2011/12/16 13:25:23 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat

    [2011/12/14 22:00:57 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\MBR.dat

    [2011/12/14 21:58:24 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Richard\Desktop\aswMBR.exe

    [2011/12/14 21:23:16 | 001,557,791 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\tdsskiller.zip

    [2011/12/14 21:10:26 | 002,848,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [2011/12/14 19:07:40 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

    [2011/12/13 20:30:12 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Richard\Application Data\vso_ts_preview.xml

    [2011/12/13 07:41:53 | 000,011,977 | ---- | M] () -- C:\Documents and Settings\Richard\all

    [2011/12/11 17:29:25 | 004,337,036 | R--- | M] (Swearware) -- C:\Documents and Settings\Richard\Desktop\ComboFix.exe

    [2011/12/11 16:08:56 | 000,000,139 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\rk-proxy.reg

    [2011/12/11 16:02:16 | 001,008,120 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\iExplore.exe

    [2011/12/11 15:47:56 | 000,001,205 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\FixNCR.reg

    [2011/12/09 18:47:45 | 000,079,872 | ---- | M] () -- C:\WINDOWS\System32\gbreeJ.com

    [2011/12/02 13:27:31 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

    [2011/11/30 23:00:24 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

    [2011/11/23 13:00:52 | 000,156,672 | ---- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2011/11/23 08:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys

    [2011/11/23 08:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys

    [2011/11/18 14:33:14 | 000,000,189 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\hordersRus (E).lnk



    [color=#E56717]========== Files Created - No Company Name ==========[/color]



    [2011/12/14 22:00:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\MBR.dat

    [2011/12/14 21:23:03 | 001,557,791 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\tdsskiller.zip

    [2011/12/13 20:30:12 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\vso_ts_preview.xml

    [2011/12/13 17:46:00 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\gbreeJ.com

    [2011/12/13 07:28:31 | 000,011,977 | ---- | C] () -- C:\Documents and Settings\Richard\all

    [2011/12/11 17:31:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

    [2011/12/11 17:31:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

    [2011/12/11 17:31:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

    [2011/12/11 17:31:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

    [2011/12/11 17:31:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

    [2011/12/11 16:08:56 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\rk-proxy.reg

    [2011/12/11 16:02:14 | 001,008,120 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\iExplore.exe

    [2011/12/11 15:59:41 | 000,001,205 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\FixNCR.reg

    [2011/12/01 07:26:06 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

    [2011/11/18 14:32:51 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\hordersRus (E).lnk

    [2011/05/27 11:06:06 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat

    [2011/05/27 11:06:06 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat

    [2010/10/21 20:49:22 | 000,207,982 | ---- | C] () -- C:\WINDOWS\hpoins43.dat

    [2010/10/21 20:49:22 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat

    [2010/08/23 13:51:19 | 000,000,027 | ---- | C] () -- C:\WINDOWS\phpdev.ini

    [2010/08/05 09:57:49 | 000,134,272 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

    [2010/03/22 11:25:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

    [2009/10/08 07:52:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

    [2009/07/27 14:35:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

    [2009/04/30 15:08:59 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin

    [2009/04/24 13:27:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Font Book

    [2009/03/12 18:56:25 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\winscp.rnd

    [2008/10/09 15:25:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

    [2008/10/09 11:27:00 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI

    [2008/08/30 08:29:49 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT

    [2008/08/30 08:29:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\Galaxy Swirl

    [2008/05/20 23:05:59 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll

    [2008/04/04 10:05:12 | 000,021,312 | ---- | C] () -- C:\WINDOWS\choice.exe

    [2008/01/06 14:13:49 | 000,000,054 | ---- | C] () -- C:\WINDOWS\winpoint.ini

    [2007/11/10 23:30:24 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\pcouffin.cat

    [2007/11/10 23:30:24 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\pcouffin.inf

    [2007/11/09 21:48:20 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll

    [2007/04/30 13:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CPC10Q.INI

    [2007/04/28 07:23:41 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

    [2007/04/17 14:28:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI

    [2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL

    [2006/11/26 16:40:52 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

    [2006/11/17 23:35:53 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\hndlt.ini

    [2006/11/17 23:34:41 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\windll.ini

    [2006/11/08 19:59:54 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini

    [2006/10/09 11:00:34 | 000,156,672 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2006/10/04 11:35:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

    [2006/10/02 19:50:46 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

    [2006/10/02 19:33:26 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini

    [2006/10/02 15:29:01 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

    [2006/10/02 14:32:15 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini

    [2006/10/02 09:56:30 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\FASTWiz.html

    [2006/09/30 14:26:44 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini

    [2006/09/29 19:10:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

    [2006/07/18 13:31:20 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\fusioncache.dat

    [2006/07/12 15:26:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

    [2006/07/12 15:20:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

    [2006/07/12 07:41:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

    [2006/07/12 07:40:05 | 002,848,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [2005/01/27 01:33:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\o2flash.exe

    [2005/01/20 21:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll

    [2003/09/16 10:52:28 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

    [2003/09/16 10:43:31 | 000,884,736 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

    [2003/09/16 10:41:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    [2001/08/18 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

    [2001/08/18 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

    [2001/08/18 07:00:00 | 000,466,782 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

    [2001/08/18 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

    [2001/08/18 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

    [2001/08/18 07:00:00 | 000,081,574 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

    [2001/08/18 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

    [2001/08/18 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

    [2001/08/18 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

    [2001/08/18 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

    [2001/08/18 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat



    [color=#E56717]========== LOP Check ==========[/color]



    [2011/12/15 09:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection

    [2007/11/09 21:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

    [2008/08/30 08:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

    [2008/04/05 08:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jes-Soft

    [2007/01/26 15:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir

    [2008/06/15 09:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS

    [2009/07/17 17:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

    [2008/08/30 08:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

    [2010/06/15 08:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

    [2007/11/11 07:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

    [2009/06/01 10:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

    [2011/02/05 11:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

    [2008/03/24 16:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\acccore

    [2011/12/12 20:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\adawaretb

    [2008/01/06 12:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Aim

    [2011/03/22 08:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Amazon

    [2010/03/08 09:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Azureus

    [2009/05/17 10:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Blackberry Desktop

    [2010/09/23 10:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\com.adobe.ExMan

    [2010/11/16 16:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1

    [2007/07/18 16:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\CTS

    [2011/12/15 09:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Dropbox

    [2009/03/12 18:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\FileZilla

    [2010/05/09 12:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\foobar2000

    [2007/03/12 15:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Investintech

    [2007/06/24 09:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Leadertech

    [2008/08/30 08:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Nikon

    [2008/04/02 20:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\OfficeUpdate12

    [2009/05/20 07:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Research In Motion

    [2010/05/28 11:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Subversion

    [2007/01/18 12:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Viewpoint

    [2011/10/06 18:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Vso

    [2011/12/17 08:28:25 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job



    [color=#E56717]========== Purity Check ==========[/color]







    < End of report >
    0
  • Customer
    Cecilia - Thanks for your help. I know the website leadstoloans.com; I used it many years ago for work. I have completed the steps and guess what... the computer is back offline, stating "limited or no connectivity". Should I restore to the point I established before running the OTL fix? In any case, here are the logs that I transferred to another computer to post. Thanks!



    All processes killed

    ========== OTL ==========

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020\ deleted successfully.

    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.

    Starting removal of ActiveX control {6A344D34-5231-452A-8A57-D064AC9B7862}

    C:\WINDOWS\Downloaded Program Files\symdlmgr.inf moved successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A344D34-5231-452A-8A57-D064AC9B7862}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A344D34-5231-452A-8A57-D064AC9B7862}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A344D34-5231-452A-8A57-D064AC9B7862}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A344D34-5231-452A-8A57-D064AC9B7862}\ not found.

    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

    Starting removal of ActiveX control {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}

    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\DownloadInformation\\INF .

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ deleted successfully.

    C:\Documents and Settings\Richard\Local Settings\Application Data\ptw.exe moved successfully.

    C:\Documents and Settings\All Users\Application Data\2oDh5GCX.exe_ moved successfully.

    C:\Documents and Settings\All Users\Application Data\2oDh5GCX.exe moved successfully.

    C:\WINDOWS\system32\gbreeJ.com.b moved successfully.

    C:\Documents and Settings\All Users\Application Data\2oDh5GCX.exe.b moved successfully.

    C:\WINDOWS\system32\gbreeJ.com_ moved successfully.

    C:\Documents and Settings\All Users\Application Data\1L4652v.dat moved successfully.

    C:\Documents and Settings\Richard\Local Settings\Application Data\ywrueq5u4qhe1dyx0coe5q142c6o moved successfully.

    C:\Documents and Settings\All Users\Application Data\ywrueq5u4qhe1dyx0coe5q142c6o moved successfully.

    ========== REGISTRY ==========

    ========== FILES ==========

    c:\windows\$NtUninstallKB45303$\390768573\U folder moved successfully.

    c:\windows\$NtUninstallKB45303$\390768573\L folder moved successfully.

    c:\windows\$NtUninstallKB45303$\390768573 folder moved successfully.

    c:\windows\$NtUninstallKB45303$ folder moved successfully.

    ========== COMMANDS ==========

    Restore point Set: OTL Restore Point (0)



    [EMPTYTEMP]
    0
  • Support
    You are welcome :)



    There must be a bad file that has "hijacked" your internet connection. I missed one file in the script, so before doing the system restore, see if it helps to delete that one. The script will be very short this time, so I think you can write it directly into the text field of OTL.



    Close all programs including antivirus programs and other similar programs. Otherwise they might stop OTL.

    How? See http://www.bleepingcomputer.com/forums/topic114351.html



    Start the program OTL.

    Write the following lines in the box:

    :Files
    C:\WINDOWS\System32\gbreeJ.com

    Paste them into the field Custom Scans/Fixes.

    Click on Run Fix.



    Restart the computer and check the internet connection.
    0
  • Customer
    Nope....internet still down after using the new script. :(
    0
  • Support
    Let us try some common fixes for internet connection issues before the system restore. Restart and test the internet connection after each program, and if it works you can stop there.



    1. See if Winsock Fix can do some repair:

    http://majorgeeks.com/WinSock_XP_Fix_d4372.html

    The link is under the header DOWNLOAD LOCATIONS.



    2. Start 'Command Prompt' (Start - All programs - Accessories) and enter the following commands:



    ipconfig /release

    ipconfig /renew

    ipconfig /flushdns

    netsh winsock reset all

    netsh int ip reset all



    3. Start 'Command Prompt' and enter:



    ipconfig /all



    Copy the content and paste into Notepad. Save the file and transfer it to the other computer so you can paste it here.
    0
  • Customer
    Good news....Winsock Fix appears to have fixed the connectivity issue. I'll wait for your next instructions. Thanks so much!
    0
  • Customer
    Cecilia - I uninstalled and reinstalled ComboFix. Here is the log from the scan....



    ComboFix 11-12-17.05 - Richard 12/18/2011 8:24.4.1 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1471.797 [GMT -5:00]

    Running from: c:\documents and settings\Richard\Desktop\ComboFix.exe

    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\Richard\Application Data\vso_ts_preview.xml

    c:\windows\dasetup.log

    c:\windows\system32\drivers\etc\hosts.txt

    c:\windows\tsoc.log

    .

    .

    ((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))

    .

    .

    2011-12-18 00:09 . 2011-12-18 00:09 -------- dc----w- C:\ERDNT

    2011-12-17 13:24 . 2011-12-17 13:24 -------- dc----w- C:\_OTL

    2011-12-14 23:51 . 2011-12-14 23:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

    2011-12-10 18:52 . 2011-12-10 19:03 -------- d-----w- c:\documents and settings\Administrator

    2011-12-10 00:15 . 2011-12-10 00:15 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

    2011-12-09 22:36 . 2011-12-10 00:15 -------- d-----w- c:\documents and settings\NetworkService\Application Data\adawaretb

    2011-12-01 12:26 . 2011-12-02 18:27 16432 ----a-w- c:\windows\system32\lsdelete.exe

    2011-12-01 04:00 . 2011-12-01 04:00 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\adaware

    2011-12-01 04:00 . 2011-12-18 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection

    2011-12-01 04:00 . 2011-12-01 04:00 -------- d-----w- c:\program files\Toolbar Cleaner

    2011-12-01 04:00 . 2011-12-13 01:10 -------- d-----w- c:\documents and settings\Richard\Application Data\adawaretb

    2011-12-01 04:00 . 2011-12-01 04:00 -------- d-----w- c:\program files\adawaretb

    2011-11-29 01:48 . 2011-11-29 01:48 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\usrMainPlay

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-11-23 13:25 . 2001-08-18 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys

    2011-11-04 19:20 . 2004-01-08 19:23 916992 ----a-w- c:\windows\system32\wininet.dll

    2011-11-04 19:20 . 2001-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2011-11-04 19:20 . 2001-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2011-11-04 11:23 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec

    2011-11-03 17:06 . 2011-05-20 17:19 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

    2011-11-01 16:07 . 2006-10-02 20:03 1288704 ----a-w- c:\windows\system32\ole32.dll

    2011-10-28 05:31 . 2001-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

    2011-10-25 13:33 . 2001-08-18 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe

    2011-10-25 12:52 . 2001-08-17 13:48 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2011-10-19 12:46 . 2011-05-21 12:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-10-18 11:13 . 2004-08-04 07:56 186880 ------w- c:\windows\system32\encdec.dll

    2011-10-10 14:22 . 2006-07-12 20:21 692736 ----a-w- c:\windows\system32\inetcomm.dll

    2011-09-28 07:06 . 2002-09-23 19:10 599040 ----a-w- c:\windows\system32\crypt32.dll

    2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

    2011-09-26 15:41 . 2001-08-18 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

    2011-09-26 15:41 . 2001-08-18 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

    2011-10-21 09:10 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-21 87440]

    .

    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Richard\Application Data\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Richard\Application Data\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Richard\Application Data\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Richard\Application Data\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe" [2008-08-28 13145448]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    .

    c:\documents and settings\Richard\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\documents and settings\Richard\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

    .

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

    Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-1-18 41041]

    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    "FirewallOverride"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    "DisableNotifications"= 1 (0x1)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Documents and Settings\\Richard\\Desktop\\utorrent.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Documents and Settings\\Richard\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

    "c:\\Program Files\\adawaretb\\dtUser.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "3703:TCP"= 3703:TCP:*:Disabled:Adobe Version Cue CS4 Server

    "3704:TCP"= 3704:TCP:*:Disabled:Adobe Version Cue CS4 Server

    "51000:TCP"= 51000:TCP:*:Disabled:Adobe Version Cue CS4 Server

    "51001:TCP"= 51001:TCP:*:Disabled:Adobe Version Cue CS4 Server

    "5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

    "3306:TCP"= 3306:TCP:MySQL

    .

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/20/2011 12:19 PM 64512]

    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2/27/2006 12:00 AM 34880]

    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2/20/2006 1:01 AM 29056]

    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 1:44 AM 993848]

    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 1:44 AM 399416]

    R3 AGR1310_51;Agere Systems ET-131x PCI-E Gigabit Ethernet Adapter XP Driver;c:\windows\system32\drivers\AGR1310_51.sys [12/14/2009 6:26 PM 70144]

    R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/25/2006 7:16 PM 47360]

    S2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [1/18/2008 12:37 AM 24635]

    S2 dev5_ap1;dev5_ap1;c:\phpdev5\Apache\Apache.exe [8/23/2010 1:50 PM 20480]

    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152]

    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 4:46 AM 284016]

    S3 Ktp3;Elantech TouchPad;c:\windows\system32\drivers\Ktp3.sys [4/20/2005 4:47 PM 24704]

    S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [4/1/2010 9:37 AM 14424]

    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    HPService REG_MULTI_SZ HPSLPSVC

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2011-12-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job

    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com

    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.1.1

    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB

    DPF: {4F4D2E63-0377-4188-8B70-52934FA8A101} - hxxp://www.leadstoloans.com/activex/fafile.dll

    DPF: {4F4D2E63-0377-4188-8B70-52934FA8A201} - hxxp://www.leadstoloans.com/activex/faprint.dll

    DPF: {4F4D2E63-0377-4188-8B70-52934FA8A301} - hxxp://www.leadstoloans.com/activex/fagrid.dll

    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab

    FF - ProfilePath - c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\

    FF - prefs.js: browser.search.selectedEngine - Search the Web

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=

    FF - prefs.js: network.proxy.type - 1

    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

    FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}

    FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

    FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}

    FF - Ext: Ad-Aware Security Toolbar: {87934c42-161d-45bc-8cef-ef18abe2a30c} - %profile%\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

    .

    - - - - ORPHANS REMOVED - - - -

    .

    SafeBoot-mcmscsvc

    SafeBoot-MCODS

    AddRemove-Azureus Vuze - c:\program files\Azureus\uninstall.exe

    AddRemove-D3EF3AED75646A3F17097FE6095D2DA7936A766A - c:\progra~1\DIFX\DPInst.exe

    AddRemove-MeridianLink Site Security Certificate - c:\progra~1\SITECH~1\UNWISE.EXE

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2011-12-18 08:37

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]

    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

    @Denied: (2) (LocalSystem)

    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,d7,df,87,8a,8e,27,40,a2,1b,df,\

    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,d7,df,87,8a,8e,27,40,a2,1b,df,\

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHõwæ*]

    "DisplayName"="???\17?\11\09"

    "DeviceDesc"="???\17?\11\09"

    "ProviderName"="???\11?\17?\11??"

    "MFG"="???????"

    "ReinstallString"=".10.1000.5"

    "DeviceInstanceIds"=multi:"c:\\docume~1\\richard\\locals~1\\temp\\wzse0.tmp\\sbdrv\\smbus\\smbusati.inf\00"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(500)

    c:\windows\system32\Ati2evxx.dll

    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

    .

    Completion time: 2011-12-18 08:40:59

    ComboFix-quarantined-files.txt 2011-12-18 13:40

    .

    Pre-Run: 8,044,933,120 bytes free

    Post-Run: 8,030,658,560 bytes free

    .

    - - End Of File - - F97010F38219BC8B4312B6BE25B0CCFB
    0
  • Support
    You are welcome :)



    Good, please delete your current ComboFix, download a new ComboFix and run it according to the instructions.
    0
  • Customer
    Cecilia...the computer seems to be working fine. Thanks so much. Is there anything left to do?
    0
  • Support
    Does the computer behave normally now?

    In that case it is time for the final stuff.
    0
