
First off, hello! I am grateful you are taking the time to look into this, as I've spent over 3 days trying to figure this out to no avail :(

Background: I was on a tv-links webpage trying to watch a show on megavideo through the Firefox browser, when a fake AV security software was installed on my computer. I got rid of it, however my system has been slow ever since. So I did the following:

Windows XP, SP3. MSI WIND netbook computer.

Scanned with Malwarebytes, Nothing

Scanned with AVG, Nothing

Scanned with Microsoft Security Essentials, Nothing

Scanned with Avast, Nothing.

Randomly my task manager says a process called "IEXPLORE.EXE" takes up my CPU and memory like no other. When I end the task, everything resumes, but it comes back within a few minutes. I am currently using "process blocker" to stop this, however I still get re-directs on webpages randomly.

I did a format recovery of the OS three times, yet the problem is re-occurring. Below is my HijackThis log. I would be grateful if someone could give me some pointers as to how to protect myself from another browser attack, that is, stop random software from being installed on my computer.

Thanks again,

-ZabijeCie

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:24:42 PM, on 11/30/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\System Control Manager\MSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\System Control Manager\MGSysCtrl.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Trend Micro\Browser Guard\BGUI.exe

C:\Program Files\Trend Micro\Browser Guard\tmiegsrv.exe

C:\Program Files\Process Blocker\Process Blocker.exe

C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msi.com.tw/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: IEGBH0 - {9F3209E2-334B-41E9-B09C-703F398742E7} - (no file)

O2 - BHO: TMIEGBHO - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files\Trend Micro\Browser Guard\TMAMS.dll

O3 - Toolbar: TMBGBAR TOOLBAR - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files\Trend Micro\Browser Guard\tmieg.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe

O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

O4 - HKLM\..\Run: [Trend Micro Browser Guard] "C:\Program Files\Trend Micro\Browser Guard\BGUI.EXE"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - Global Startup: Bluetooth Manager.lnk = ?

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw

O17 - HKLM\System\CCS\Services\Tcpip\..\{1353CF70-D9D9-4350-A8C6-894E03FA5623}: NameServer = 209.18.47.61,209.18.47.62

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe

O23 - Service: Process Blocker - Softros Systems, Inc. - C:\Program Files\Process Blocker\Process Blocker.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--

End of file - 4687 bytes

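The HijackThis log above is a line-oriented format: an item code (R0, R1, O2, O4, O17, O23 ...) followed by the registry location or object it describes. The following Python script is an added example, written for this page and not part of the thread, of HijackThis or of any of the tools named here. It parses that format and flags the entries a helper typically checks first: a BHO whose DLL is gone, Run entries that name a bare executable with no absolute path, running copies of well-known Windows binaries outside their normal directories, and DNS servers that are not on a list the machine's owner trusts. The sample log is constructed from a few lines of the log above plus one constructed process line; the trusted resolver set and the expected-directory map are assumptions, not data from the page.

```python
"""Triage helper for HijackThis-style logs (added example, not a HijackThis feature)."""
import ntpath
import re
from dataclasses import dataclass

# One "Oxx - ..." / "Rx - ..." item line of a HijackThis log.
HJT_LINE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")

# Assumption: XP-era default locations of a few Windows binaries. A copy of one of
# these running from anywhere else is compared case-insensitively and flagged.
EXPECTED_DIRS = {
    "iexplore.exe": r"c:\program files\internet explorer",
    "smss.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Constructed trusted resolver set (RFC 5737 documentation addresses); in practice
# this is the ISP's or router's DNS servers the owner expects to see.
TRUSTED_NAMESERVERS = {"192.0.2.1", "192.0.2.2"}

# Constructed sample: lines taken from the log above plus one constructed
# process line (C:\WINDOWS\Temp\IEXPLORE.EXE) to exercise the location check.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe

C:\WINDOWS\Temp\IEXPLORE.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEGBH0 - {9F3209E2-334B-41E9-B09C-703F398742E7} - (no file)
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Trend Micro Browser Guard] "C:\Program Files\Trend Micro\Browser Guard\BGUI.EXE"
O17 - HKLM\System\CCS\Services\Tcpip\..\{1353CF70-D9D9-4350-A8C6-894E03FA5623}: NameServer = 209.18.47.61,209.18.47.62
O23 - Service: Process Blocker - Softros Systems, Inc. - C:\Program Files\Process Blocker\Process Blocker.exe
"""


@dataclass
class Entry:
    code: str
    body: str


def parse_hjt(text):
    """Return (running_processes, item_entries) from a HijackThis log."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum copies are often double-spaced; blank lines carry nothing
        m = HJT_LINE.match(line)
        if m:
            in_procs = False  # first item line ends the process list
            entries.append(Entry(m.group("code"), m.group("body")))
        elif line.lower() == "running processes:":
            in_procs = True
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(processes, entries, trusted_nameservers):
    """Return (code, reason, detail) tuples that deserve a human's attention."""
    findings = []
    for proc in processes:
        name = ntpath.basename(proc).lower()
        expected = EXPECTED_DIRS.get(name)
        if expected and ntpath.dirname(proc).lower() != expected:
            findings.append(("PRC", f"{name} running outside {expected}", proc))
    for e in entries:
        if e.code == "O2" and e.body.endswith("(no file)"):
            findings.append((e.code, "BHO registered but its DLL is missing", e.body))
        elif e.code == "O4" and "Run:" in e.body and "] " in e.body:
            target = e.body.split("] ", 1)[1]
            # A bare name is resolved through the search path at logon, so the
            # file that actually loads must be confirmed rather than assumed.
            if not re.match(r'^"?(?:[A-Za-z]:\\|%\w+%)', target):
                findings.append((e.code, "Run entry with no absolute path", e.body))
        elif e.code == "O17":
            m = re.search(r"NameServer = (.+)$", e.body)
            servers = [s.strip() for s in m.group(1).split(",")] if m else []
            unknown = [s for s in servers if s not in trusted_nameservers]
            if unknown:
                findings.append((e.code, f"resolvers not in trusted set: {unknown}", e.body))
    return findings


def run_demo():
    """Parse the constructed sample and return its findings (also printed)."""
    procs, ents = parse_hjt(SAMPLE_LOG)
    findings = triage(procs, ents, TRUSTED_NAMESERVERS)
    for code, reason, detail in findings:
        print(f"[{code}] {reason}\n      {detail}")
    return findings


if __name__ == "__main__":
    run_demo()
```

A flag here is a prompt to look, not a verdict: RTHDCPL.EXE and ALCMTR.EXE are Realtek audio components that are normally registered by bare name, and an O17 hit only means the resolvers should be checked against what the ISP or router actually hands out. The value of the script is that it makes those checks repeatable across the three logs the thread asks for rather than relying on eyeballing.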

Hello Zabijecie! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

This is very serious: formatting and then re-infection with the same. Now we'll see how I can be helpful.

Step 1

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan, it will save Notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log, it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles

Step 2

  1. Download aswMBR.exe (1870KB) to your desktop.
  2. Double click the aswMBR.exe to run it.
  3. Click the [scan] button to start the scan.
  4. On completion of the scan click [save log], save it to your desktop and post in your next reply.

In your next reply, please post the following log files:

  • OTL log with Extras.txt
  • aswMBR log


Maniac,

Thank you for getting back to me so promptly, much appreciated. Below are the requested log files from OTL. However, aswMBR.exe does not work/run. I have downloaded the file twice, and restarted my computer. The program changes my cursor to a loading type, but nothing else happens. The task manager remains unaffected. Disabled my protection while trying to open it as well, still nothing. Everything else was done as instructed; I did leave this browser window open to read the instructions while doing the scans.

Thanks again,

ZabijeCie

(OTL - Also attached)

OTL logfile created on: 12/1/2011 4:38:55 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = D:\drivers

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.20% Memory free

3.84 Gb Paging File | 3.33 Gb Available in Paging File | 86.68% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 39.07 Gb Total Space | 27.67 Gb Free Space | 70.84% Space Free | Partition Type: NTFS

Drive D: | 106.07 Gb Total Space | 73.20 Gb Free Space | 69.01% Space Free | Partition Type: NTFS

Computer Name: YOUR-0D10610B06 | User Name: MSI | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\drivers\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Immunet\3.0.5\iptray.exe (Immunet)

PRC - C:\Program Files\Immunet\3.0.5\agent.exe (Sourcefire, Inc.)

PRC - C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files\BitDefender\TrafficLight\bsserv.exe (BitDefender)

PRC - C:\Program Files\Trend Micro\Browser Guard\tmiegsrv.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\Browser Guard\BGUI.exe (Trend Micro Inc.)

PRC - C:\Program Files\Process Blocker\Process Blocker.exe (Softros Systems, Inc.)

PRC - C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)

PRC - C:\Program Files\System Control Manager\MSIService.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\BitDefender\TrafficLight\Plugins_11_1\AS2\ashttprbl.mdl ()

MOD - C:\Program Files\BitDefender\TrafficLight\Plugins_11_1\AS2\ashttpph.mdl ()

MOD - C:\Program Files\BitDefender\TrafficLight\Plugins_11_1\AS2\ashttpfr.mdl ()

MOD - C:\Program Files\BitDefender\TrafficLight\Plugins_11_1\AS2\ashttpbr.mdl ()

MOD - C:\Program Files\BitDefender\TrafficLight\Plugins_11_1\AS2\ashttpdsp.mdl ()

MOD - \\?\C:\Program Files\BitDefender\TrafficLight\av32bit2011_6810\avxdisk.dll ()

MOD - C:\Program Files\BitDefender\TrafficLight\Plugins_11\bdmetrics.dll ()

MOD - C:\Program Files\Immunet\3.0.5\dhr.dll ()

MOD - C:\Program Files\Immunet\3.0.5\dsp.dll ()

MOD - C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll ()

MOD - C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll ()

MOD - C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avutil-51.dll ()

MOD - C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avformat-53.dll ()

MOD - C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avcodec-53.dll ()

MOD - C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll ()

MOD - C:\Program Files\System Control Manager\MGKBHook.dll ()

MOD - C:\Program Files\System Control Manager\MSIService.exe ()

MOD - C:\Program Files\System Control Manager\MSIWmiAcpi.dll ()

MOD - C:\Program Files\WinRAR 3.61 Multi\RarExt.dll ()

MOD - C:\WINDOWS\system32\TosCommAPI.dll ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (scan) -- C:\Program Files\Immunet\tetra\scan.dll (S.C. BitDefender S.R.L)

SRV - (ImmunetProtect) -- C:\Program Files\Immunet\3.0.5\agent.exe (Sourcefire, Inc.)

SRV - (bsserv) -- C:\Program Files\BitDefender\TrafficLight\bsserv.exe (BitDefender)

SRV - (Process Blocker) -- C:\Program Files\Process Blocker\Process Blocker.exe (Softros Systems, Inc.)

SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe ()

SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

========== Driver Services (SafeList) ==========

DRV - (Trufos) -- C:\WINDOWS\system32\drivers\Trufos.sys (BitDefender S.R.L.)

DRV - (ImmunetProtectDriver) -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys (Windows ® Win 7 DDK provider)

DRV - (ImmunetSelfProtectDriver) -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys (Windows ® Win 7 DDK provider)

DRV - (bdftdif_bs) -- C:\Program Files\BitDefender\TrafficLight\bdftdif.sys (BitDefender LLC)

DRV - (rtl8187Se) -- C:\WINDOWS\system32\drivers\rtl8187Se.sys (Realtek Semiconductor Corporation )

DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )

DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RTS5121.sys (Realtek Semiconductor Corporation)

DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)

DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)

DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)

DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)

DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)

DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)

DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)

DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)

DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)

DRV - (ULCDRHlp) -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys (Ulead Systems, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Better Pop Up Blocker = C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\

O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (TMIEGBHO Class) - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files\Trend Micro\Browser Guard\TMAMS.dll (Trend Micro Inc.)

O3 - HKLM\..\Toolbar: (TMBGBAR TOOLBAR) - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files\Trend Micro\Browser Guard\tmieg.dll (Trend Micro Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [immunet Protect] C:\Program Files\Immunet\3.0.5\iptray.exe (Immunet)

O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)

O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Trend Micro Browser Guard] C:\Program Files\Trend Micro\Browser Guard\BGUI.EXE (Trend Micro Inc.)

O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1353CF70-D9D9-4350-A8C6-894E03FA5623}: NameServer = 209.18.47.61,209.18.47.62

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\MSI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\MSI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/10/15 17:15:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/01 01:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

[2011/12/01 01:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Local Settings\Application Data\Browser Guard

[2011/12/01 01:07:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/12/01 01:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Browser Guard

[2011/12/01 01:06:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/12/01 01:04:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\MSI\Application Data\Microsoft

[2011/12/01 01:04:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\MSI\Cookies

[2011/12/01 01:04:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MSI\Application Data

[2011/12/01 01:04:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MSI\Favorites

[2011/12/01 01:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Local Settings\Application Data\Toshiba

[2011/12/01 01:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Local Settings\Application Data\Microsoft Help

[2011/12/01 01:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Local Settings\Application Data\Microsoft

[2011/12/01 01:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Application Data\InstallShield

[2011/12/01 01:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Application Data\Identities

[2011/12/01 01:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Desktop

[2011/12/01 01:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Local Settings\Application Data\Adobe

[2011/12/01 01:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Application Data\Adobe

[2011/12/01 01:04:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MSI\SendTo

[2011/12/01 01:04:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MSI\Start Menu\Programs\Startup

[2011/12/01 01:04:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MSI\Start Menu

[2011/12/01 01:04:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MSI\My Documents\My Pictures

[2011/12/01 01:04:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MSI\My Documents\My Music

[2011/12/01 01:04:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MSI\My Documents

[2011/12/01 01:04:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MSI\Start Menu\Programs\Accessories

[2011/12/01 01:04:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MSI\Templates

[2011/12/01 01:04:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MSI\PrintHood

[2011/12/01 01:04:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MSI\NetHood

[2011/12/01 01:04:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MSI\Local Settings

[2011/12/01 01:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Start Menu\Programs\WinRAR

[2011/12/01 01:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\My Documents\Bluetooth

[2011/12/01 01:01:21 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2011/12/01 00:51:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\RE_DRIVE

[2011/12/01 00:00:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MSI\Recent

[2011/11/30 23:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2011/11/30 23:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Application Data\Immunet

[2011/11/30 23:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Immunet

[2011/11/30 23:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Immunet 3.0

[2011/11/30 23:46:45 | 000,034,080 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys

[2011/11/30 23:46:40 | 000,050,976 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys

[2011/11/30 23:46:34 | 000,304,712 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys

[2011/11/30 23:46:28 | 000,000,000 | ---D | C] -- C:\Program Files\Immunet

[2011/11/30 23:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender

[2011/11/30 23:33:31 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2011/11/30 23:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\My Documents\Downloads

[2011/11/30 23:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Application Data\Macromedia

[2011/11/30 23:10:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\MSI\UserData

[2011/11/30 23:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Process Blocker

[2011/11/30 23:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Start Menu\Programs\Process Blocker

[2011/11/30 23:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Local Settings\Application Data\Google

[2011/11/30 23:08:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe

[2011/11/30 23:07:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/01 16:23:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/12/01 16:23:24 | 000,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/12/01 16:23:23 | 2136,268,800 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/01 01:07:17 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/12/01 01:07:17 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/12/01 01:04:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/12/01 01:03:59 | 000,001,215 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2011/12/01 01:03:52 | 000,000,211 | RHS- | M] () -- C:\boot.ini

[2011/12/01 01:02:58 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF

[2011/12/01 01:02:15 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD

[2011/12/01 00:13:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1705124405-1315108835-361535792-1005UA.job

[2011/11/30 23:46:32 | 000,304,712 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys

[2011/11/30 23:46:31 | 000,050,976 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys

[2011/11/30 23:46:31 | 000,034,080 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys

[2011/11/30 23:33:30 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2011/11/30 23:13:01 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1705124405-1315108835-361535792-1005Core.job

[2011/11/30 23:11:05 | 000,002,256 | ---- | M] () -- C:\Documents and Settings\MSI\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/01 01:04:22 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\MSI\Start Menu\Programs\Remote Assistance.lnk

[2011/12/01 01:04:22 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\MSI\Start Menu\Programs\Windows Media Player.lnk

[2011/12/01 01:04:22 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\MSI\Start Menu\Programs\Internet Explorer.lnk

[2011/12/01 01:04:22 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\MSI\Start Menu\Programs\Outlook Express.lnk

[2011/12/01 01:02:15 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD

[2011/12/01 01:00:18 | 2136,268,800 | -HS- | C] () -- C:\hiberfil.sys

[2011/11/30 23:10:12 | 000,002,256 | ---- | C] () -- C:\Documents and Settings\MSI\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/11/30 23:08:58 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1705124405-1315108835-361535792-1005UA.job

[2011/11/30 23:08:57 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1705124405-1315108835-361535792-1005Core.job

[2008/10/15 21:37:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/10/15 19:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI

[2008/10/15 18:00:08 | 006,184,960 | R--- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll

[2008/10/15 17:58:58 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2008/10/15 17:57:11 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll

[2008/10/15 17:18:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/10/15 17:13:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/10/15 16:59:25 | 000,001,188 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2008/10/15 16:59:17 | 000,312,172 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/10/15 16:59:17 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/10/15 16:59:17 | 000,040,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/10/15 16:59:17 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/10/15 16:59:17 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/10/15 16:59:16 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008/10/15 16:59:16 | 000,004,628 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008/10/15 16:59:15 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2008/10/15 16:59:14 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/10/15 16:59:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/10/15 16:59:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/10/15 16:59:10 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/10/15 10:07:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/10/15 10:06:04 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007/12/21 18:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2005/07/22 23:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== LOP Check ==========

[2008/10/15 19:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2011/11/30 23:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MSI\Application Data\Immunet

========== Purity Check ==========

< End of report >

(OTL Extras - Also Attached)

OTL Extras logfile created on: 12/1/2011 4:38:55 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = D:\drivers

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.20% Memory free

3.84 Gb Paging File | 3.33 Gb Available in Paging File | 86.68% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 39.07 Gb Total Space | 27.67 Gb Free Space | 70.84% Space Free | Partition Type: NTFS

Drive D: | 106.07 Gb Total Space | 73.20 Gb Free Space | 69.01% Space Free | Partition Type: NTFS

Computer Name: YOUR-0D10610B06 | User Name: MSI | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{2FC1B3A7-9BD2-48B2-B05E-43243C72FFB7}" = Process Blocker

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{59D4C823-ABAC-4E3D-B624-C3678B873227}" = BitDefender TrafficLight

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9AE395DB-6BC3-4CA9-B894-351CB8DE915A}" = BurnRecovery

"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5

"{A6EE99EA-420C-4FA6-8A7C-FDB60D278855}" = VS10RuntimeWin32

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{D10CB652-9332-4242-B7A9-2D61570144F7}" = USB 2.0 Card Reader

"{D4ADDB2A-EE3C-41A7-88DF-99333DAE18E3}" = Browser Guard v3.0

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"4E1F54FAB25DB3EE9094949BF3DFDCF6E1CF07E6" = Windows Driver Package - Realtek (rtl8187Se) Net (07/10/2008 5.9067.0710.2008)

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"BitDefender TrafficLight" = BitDefender TrafficLight

"CCleaner" = CCleaner

"E0E22E828DBDB1F29F3D91CF328727F39AF8062B" = Windows Driver Package - Atheros (AR5416) Net (04/08/2008 7.6.0.200)

"E920DD3E0FC6CCFF23A10B3AF7C6DC99BA39648C" = Windows Driver Package - Ralink Technology, Corp. (RT80x86) Net (05/19/2008 1.01.03.0000)

"HDMI" = Intel® Graphics Media Accelerator Driver

"Immunet Protect" = Immunet 3.0

"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE

"PROHYBRIDR" = 2007 Microsoft Office system

"VLC media player" = VLC media player 1.1.11

"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ System Events ]

Error - 12/1/2011 5:29:46 PM | Computer Name = YOUR-0D10610B06 | Source = DCOM | ID = 10010

Description = The server {0002DF01-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 12/1/2011 5:31:46 PM | Computer Name = YOUR-0D10610B06 | Source = DCOM | ID = 10010

Description = The server {0002DF01-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 12/1/2011 5:33:47 PM | Computer Name = YOUR-0D10610B06 | Source = DCOM | ID = 10010

Description = The server {0002DF01-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 12/1/2011 5:34:18 PM | Computer Name = YOUR-0D10610B06 | Source = DCOM | ID = 10010

Description = The server {0002DF01-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 12/1/2011 5:36:18 PM | Computer Name = YOUR-0D10610B06 | Source = DCOM | ID = 10010

Description = The server {0002DF01-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 12/1/2011 5:38:18 PM | Computer Name = YOUR-0D10610B06 | Source = DCOM | ID = 10010

Description = The server {0002DF01-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 12/1/2011 5:38:49 PM | Computer Name = YOUR-0D10610B06 | Source = DCOM | ID = 10010

Description = The server {0002DF01-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 12/1/2011 5:40:49 PM | Computer Name = YOUR-0D10610B06 | Source = DCOM | ID = 10010

Description = The server {0002DF01-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 12/1/2011 5:42:49 PM | Computer Name = YOUR-0D10610B06 | Source = DCOM | ID = 10010

Description = The server {0002DF01-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 12/1/2011 5:43:20 PM | Computer Name = YOUR-0D10610B06 | Source = DCOM | ID = 10010

Description = The server {0002DF01-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

< End of report >

aswMBR.exe - could not get the file open :(

OTL.Txt

Extras.Txt

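As an added illustration (not from this thread, and not part of OTL, HijackThis or any of the tools named in the log), the script below applies the checks a log helper does by eye on the entries above: O20 Winlogon and Notify modules, O29 SecurityProviders and O30 LSA packages should be System32 binaries with a company name; O31 SafeBoot AlternateShell should be cmd.exe; the O35/O37 exefile and comfile [open] commands should be exactly "%1" %* (a changed value means every program launch is routed through something else); and the Security Center DisableNotify/Override values should be 0. The sample input is constructed: nine lines copied from the log above plus three made-up entries (an example.dll under Application Data, a rewritten exefile command and a flipped FirewallDisableNotify) so the rules have something to flag. Those three lines are not in the poster's log. The script assumes %SystemRoot% is C:\WINDOWS, as the log shows.

```python
"""Triage of OTL / HijackThis-style persistence and policy lines.

Added example; not the thread's, OTL's or HijackThis's own code.
"""
import re
from dataclasses import dataclass
from typing import List

# Assumption: %SystemRoot% is C:\WINDOWS, as in the OTL log above.
TRUSTED_DIRS = ("c:\\windows\\system32\\",)
TRUSTED_FILES = ("c:\\windows\\explorer.exe",)
STOCK_OPEN_CMD = '"%1" %*'          # untouched exefile/comfile [open] command
STOCK_SAFEBOOT_SHELL = "cmd.exe"


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


# O20/O29/O30: "... - (value) -<path> (Company)"; OTL sometimes omits the space after "-".
MODULE_RE = re.compile(
    r"^O(?:20|29|30) - .*? - \((?P<value>[^)]*)\) -\s*(?P<path>.*?) \((?P<company>[^)]*)\)$"
)
# O35/O37 lines and the Extras "Shell Spawning" section: "<class> ... -- <command>".
SPAWN_RE = re.compile(r"\b(?P<cls>exefile|comfile|batfile|cmdfile|piffile)\b.*?-- (?P<cmd>.*)$")
SAFEBOOT_RE = re.compile(r"^O31 - SafeBoot: AlternateShell - (?P<shell>.*)$")
# Security Center values that rogue AV commonly flips to silence the warnings.
SECCENTER_RE = re.compile(
    r'^"(?P<key>(?:AntiVirus|Firewall|Updates)DisableNotify|(?:AntiVirus|Firewall)Override)" = (?P<val>\d+)$'
)


def _trusted_path(path: str) -> bool:
    p = path.lower()
    return p.startswith(TRUSTED_DIRS) or p in TRUSTED_FILES


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per rule violated by a line of the log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MODULE_RE.match(line)
        if m:
            if not _trusted_path(m["path"]):
                findings.append(Finding("module outside system directory", line))
            if not m["company"].strip():
                findings.append(Finding("module has no company name", line))
            continue
        m = SAFEBOOT_RE.match(line)
        if m:
            if m["shell"].strip().lower() != STOCK_SAFEBOOT_SHELL:
                findings.append(Finding("SafeBoot AlternateShell changed", line))
            continue
        m = SECCENTER_RE.match(line)
        if m:
            if m["val"] != "0":
                findings.append(Finding("Security Center notification disabled or overridden", line))
            continue
        m = SPAWN_RE.search(line)
        if m and m["cmd"].strip() != STOCK_OPEN_CMD:
            findings.append(Finding(f"{m['cls']} [open] command hijacked", line))
    return findings


# Constructed sample: lines copied from the log above, followed by three made-up
# entries (example.dll, a rewritten exefile command, a flipped Security Center
# value) that exist only so the rules have something to flag.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"AntiVirusDisableNotify" = 0
O20 - Winlogon\Notify\example: DllName - (example.dll) - C:\Documents and Settings\MSI\Application Data\example.dll ()
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\MSI\Application Data\example.exe" "%1" %*
"FirewallDisableNotify" = 1
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

Feed it a whole OTL.Txt or Extras.Txt and it stays quiet on a stock system; every line it prints is a value that someone changed after installation and should be explained before the log is called clean.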

As requested,

OTL

OTL logfile created on: 12/7/2011 9:47:37 PM - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = D:\drivers

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.85% Memory free

3.84 Gb Paging File | 3.10 Gb Available in Paging File | 80.64% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 39.07 Gb Total Space | 27.13 Gb Free Space | 69.45% Space Free | Partition Type: NTFS

Drive D: | 106.07 Gb Total Space | 72.38 Gb Free Space | 68.23% Space Free | Partition Type: NTFS

Computer Name: YOUR-0D10610B06 | User Name: MSI | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Immunet\3.0.5\iptray.exe (Immunet)

PRC - C:\Program Files\Immunet\3.0.5\agent.exe (Sourcefire, Inc.)

PRC - D:\drivers\OTL.exe (OldTimer Tools)

PRC - C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files\BitDefender\TrafficLight\bsserv.exe (BitDefender)

PRC - C:\Program Files\Trend Micro\Browser Guard\tmiegsrv.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\Browser Guard\BGUI.exe (Trend Micro Inc.)

PRC - C:\Program Files\Process Blocker\Process Blocker.exe (Softros Systems, Inc.)

PRC - C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)

PRC - C:\Program Files\System Control Manager\MSIService.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\BitDefender\TrafficLight\Plugins_11_31\AS2\ashttprbl.mdl ()

MOD - C:\Program Files\BitDefender\TrafficLight\Plugins_11_31\AS2\ashttpfr.mdl ()

MOD - C:\Program Files\BitDefender\TrafficLight\Plugins_11_31\AS2\ashttpph.mdl ()

MOD - C:\Program Files\BitDefender\TrafficLight\Plugins_11_31\AS2\ashttpbr.mdl ()

MOD - C:\Program Files\BitDefender\TrafficLight\Plugins_11_31\AS2\ashttpdsp.mdl ()

MOD - \\?\C:\Program Files\BitDefender\TrafficLight\av32bit2011_6891\avxdisk.dll ()

MOD - C:\Program Files\BitDefender\TrafficLight\Plugins_11_29\bdmetrics.dll ()

MOD - C:\Program Files\Immunet\3.0.5\dhr.dll ()

MOD - C:\Program Files\Immunet\3.0.5\dsp.dll ()

MOD - C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll ()

MOD - C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll ()

MOD - C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avutil-51.dll ()

MOD - C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avformat-53.dll ()

MOD - C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avcodec-53.dll ()

MOD - C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll ()

MOD - C:\Program Files\System Control Manager\MGKBHook.dll ()

MOD - C:\Program Files\System Control Manager\MSIService.exe ()

MOD - C:\Program Files\System Control Manager\MSIWmiAcpi.dll ()

MOD - C:\WINDOWS\system32\TosCommAPI.dll ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (scan) -- C:\Program Files\Immunet\tetra\scan.dll (S.C. BitDefender S.R.L)

SRV - (ImmunetProtect) -- C:\Program Files\Immunet\3.0.5\agent.exe (Sourcefire, Inc.)

SRV - (bsserv) -- C:\Program Files\BitDefender\TrafficLight\bsserv.exe (BitDefender)

SRV - (Process Blocker) -- C:\Program Files\Process Blocker\Process Blocker.exe (Softros Systems, Inc.)

SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe ()

SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

========== Driver Services (SafeList) ==========

DRV - (Trufos) -- C:\WINDOWS\system32\drivers\Trufos.sys (BitDefender S.R.L.)

DRV - (ImmunetProtectDriver) -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys (Windows ® Win 7 DDK provider)

DRV - (ImmunetSelfProtectDriver) -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys (Windows ® Win 7 DDK provider)

DRV - (bdftdif_bs) -- C:\Program Files\BitDefender\TrafficLight\bdftdif.sys (BitDefender LLC)

DRV - (rtl8187Se) -- C:\WINDOWS\system32\drivers\rtl8187Se.sys (Realtek Semiconductor Corporation )

DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )

DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RTS5121.sys (Realtek Semiconductor Corporation)

DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)

DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)

DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)

DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)

DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)

DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)

DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)

DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)

DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)

DRV - (ULCDRHlp) -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys (Ulead Systems, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: FlashBlock = C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\

CHR - Extension: Better Pop Up Blocker = C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\

O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (TMIEGBHO Class) - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files\Trend Micro\Browser Guard\TMAMS.dll (Trend Micro Inc.)

O3 - HKLM\..\Toolbar: (TMBGBAR TOOLBAR) - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files\Trend Micro\Browser Guard\tmieg.dll (Trend Micro Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [immunet Protect] C:\Program Files\Immunet\3.0.5\iptray.exe (Immunet)

O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)

O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Trend Micro Browser Guard] C:\Program Files\Trend Micro\Browser Guard\BGUI.EXE (Trend Micro Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1353CF70-D9D9-4350-A8C6-894E03FA5623}: NameServer = 209.18.47.61,209.18.47.62

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\MSI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\MSI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/10/15 17:15:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/04 12:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Application Data\Malwarebytes

[2011/12/04 12:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/12/04 12:39:21 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/12/04 12:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/12/04 02:35:58 | 000,034,080 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys

[2011/12/04 02:35:52 | 000,050,976 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys

[2011/12/04 02:35:37 | 000,304,712 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys

[2011/12/04 02:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\Immunet

[2011/12/03 16:27:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2011/12/03 15:13:22 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/12/03 15:08:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/12/03 15:08:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/12/03 15:08:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/12/03 15:08:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/12/03 15:07:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/12/03 14:53:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MSI\My Documents\My Videos

[2011/12/03 14:53:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos

[2011/12/03 14:53:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MSI\Start Menu\Programs\Administrative Tools

[2011/12/02 17:09:18 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys

[2011/12/02 17:07:59 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2011/12/02 16:31:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall

[2011/12/02 16:31:09 | 000,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe

[2011/12/02 16:31:09 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll

[2011/12/02 16:31:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$

[2011/12/01 21:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Application Data\vlc

[2011/12/01 19:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Local Settings\Application Data\uTorrent

[2011/12/01 19:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Application Data\uTorrent

[2011/12/01 01:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

[2011/12/01 01:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Local Settings\Application Data\Browser Guard

[2011/12/01 01:07:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/12/01 01:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Browser Guard

[2011/12/01 01:06:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/12/01 01:04:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\MSI\Application Data\Microsoft

[2011/12/01 01:04:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\MSI\Cookies

[2011/12/01 01:04:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MSI\Application Data

[2011/12/01 01:04:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MSI\Favorites

[2011/12/01 01:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Local Settings\Application Data\Toshiba

[2011/12/01 01:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Local Settings\Application Data\Microsoft Help

[2011/12/01 01:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Local Settings\Application Data\Microsoft

[2011/12/01 01:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Application Data\InstallShield

[2011/12/01 01:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Application Data\Identities

[2011/12/01 01:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Desktop

[2011/12/01 01:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Local Settings\Application Data\Adobe

[2011/12/01 01:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Application Data\Adobe

[2011/12/01 01:04:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MSI\SendTo

[2011/12/01 01:04:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MSI\Start Menu\Programs\Startup

[2011/12/01 01:04:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MSI\Start Menu

[2011/12/01 01:04:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MSI\My Documents\My Pictures

[2011/12/01 01:04:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MSI\My Documents\My Music

[2011/12/01 01:04:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MSI\My Documents

[2011/12/01 01:04:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MSI\Start Menu\Programs\Accessories

[2011/12/01 01:04:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MSI\Templates

[2011/12/01 01:04:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MSI\PrintHood

[2011/12/01 01:04:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MSI\NetHood

[2011/12/01 01:04:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MSI\Local Settings

[2011/12/01 01:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Start Menu\Programs\WinRAR

[2011/12/01 01:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\My Documents\Bluetooth

[2011/12/01 01:01:21 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2011/12/01 00:51:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\RE_DRIVE

[2011/12/01 00:00:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MSI\Recent

[2011/11/30 23:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2011/11/30 23:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Application Data\Immunet

[2011/11/30 23:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Immunet

[2011/11/30 23:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender

[2011/11/30 23:33:31 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2011/11/30 23:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\My Documents\Downloads

[2011/11/30 23:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Application Data\Macromedia

[2011/11/30 23:10:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\MSI\UserData

[2011/11/30 23:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Process Blocker

[2011/11/30 23:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Local Settings\Application Data\Google

[2011/11/30 23:08:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe

[2011/11/30 23:07:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/07 21:13:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1705124405-1315108835-361535792-1005UA.job

[2011/12/07 17:24:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/12/07 17:24:16 | 2136,268,800 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/06 23:13:02 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1705124405-1315108835-361535792-1005Core.job

[2011/12/04 12:39:44 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/12/04 12:23:28 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/12/04 12:23:28 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/12/04 02:46:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/12/04 02:43:11 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\MSI\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/12/04 02:39:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/12/04 02:35:31 | 000,304,712 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys

[2011/12/04 02:35:30 | 000,050,976 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys

[2011/12/04 02:35:30 | 000,034,080 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys

[2011/12/03 21:52:59 | 000,259,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/12/01 01:04:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/12/01 01:03:59 | 000,001,215 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2011/12/01 01:02:58 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF

[2011/12/01 01:02:15 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD

[2011/11/30 23:33:30 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2011/11/30 23:11:05 | 000,002,256 | ---- | M] () -- C:\Documents and Settings\MSI\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/04 12:39:44 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/12/03 21:38:20 | 2136,268,800 | -HS- | C] () -- C:\hiberfil.sys

[2011/12/03 15:13:25 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/12/03 15:08:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/12/03 15:08:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/12/03 15:08:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/12/03 15:08:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/12/03 15:08:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/12/03 15:05:07 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\MSI\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/12/02 16:31:34 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2011/12/01 01:04:22 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\MSI\Start Menu\Programs\Remote Assistance.lnk

[2011/12/01 01:04:22 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\MSI\Start Menu\Programs\Windows Media Player.lnk

[2011/12/01 01:04:22 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\MSI\Start Menu\Programs\Internet Explorer.lnk

[2011/12/01 01:04:22 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\MSI\Start Menu\Programs\Outlook Express.lnk

[2011/12/01 01:02:15 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD

[2011/11/30 23:10:12 | 000,002,256 | ---- | C] () -- C:\Documents and Settings\MSI\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/11/30 23:08:58 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1705124405-1315108835-361535792-1005UA.job

[2011/11/30 23:08:57 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1705124405-1315108835-361535792-1005Core.job

[2008/10/15 21:37:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/10/15 19:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI

[2008/10/15 18:00:08 | 006,184,960 | R--- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll

[2008/10/15 17:58:58 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2008/10/15 17:57:11 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll

[2008/10/15 17:18:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/10/15 17:13:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/10/15 16:59:25 | 000,001,188 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2008/10/15 16:59:17 | 000,312,172 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/10/15 16:59:17 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/10/15 16:59:17 | 000,040,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/10/15 16:59:17 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/10/15 16:59:17 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/10/15 16:59:16 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008/10/15 16:59:16 | 000,004,628 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008/10/15 16:59:15 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2008/10/15 16:59:14 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/10/15 16:59:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/10/15 16:59:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/10/15 16:59:10 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/10/15 10:07:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/10/15 10:06:04 | 000,259,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007/12/21 18:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2005/07/22 23:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== LOP Check ==========

[2008/10/15 19:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2011/11/30 23:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MSI\Application Data\Immunet

[2011/12/04 02:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MSI\Application Data\uTorrent

========== Purity Check ==========

< End of report >

It did not give me an Extras log this time...

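The OTL listing above is a long wall of created/modified file records, and the helpers in this thread are reading it by eye for anything created around the time of the infection or sitting in a location that runs automatically. As an added example (not code from the thread, from OTL, or from the forum staff), the script below parses the `[date | size | attrs | C/M] (company) -- path` lines, sorts the ones created or modified in the days before the scan, and separately lists entries under a few well-known persistence locations. The sample log is a handful of lines copied from the report above plus one constructed entry with a vendor name; the scan reference date (2011/12/04, the newest timestamp in the LOP check) and the list of persistence paths are assumptions of this example, not something the thread states.

```python
import re
from datetime import datetime, timedelta

# Sample OTL entries. All but the last line are copied from the log posted above;
# the last line is constructed so the optional "(Company)" field gets exercised.
SAMPLE_LOG = r"""
[2011/12/01 01:04:22 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\MSI\Start Menu\Programs\Outlook Express.lnk
[2011/12/01 01:02:15 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/11/30 23:10:12 | 000,002,256 | ---- | C] () -- C:\Documents and Settings\MSI\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/30 23:08:58 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1705124405-1315108835-361535792-1005UA.job
[2008/10/15 21:37:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/10/15 16:59:16 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/10/15 19:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/12/02 10:00:00 | 000,012,345 | ---- | C] (Example Vendor) -- C:\WINDOWS\System32\constructed_example.dll
========== Purity Check ==========
< End of report >
"""

# Assumed scan date for this example: the newest timestamp visible in the LOP check above.
SCAN_REFERENCE = datetime(2011, 12, 4)

# Illustrative list of locations whose contents run without the user launching them
# (scheduled tasks, per-user Startup folder, kernel drivers). Assumption of this example.
PERSISTENCE_HINTS = (
    "\\windows\\tasks\\",
    "\\start menu\\programs\\startup\\",
    "\\system32\\drivers\\",
)

# One OTL file record: timestamp | size | four attribute flags | C (created) or M (modified),
# then an optional "(Company)" field and the path after " -- ".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<flag>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


def parse_otl_line(line):
    """Return a dict for one OTL file record, or None for headers and other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),          # e.g. R--- read-only, --S- system, ---D directory
        "flag": m.group("flag"),            # C = created, M = modified
        "company": m.group("company") or "",
        "path": m.group("path"),
        "is_dir": "D" in m.group("attrs"),
    }


def parse_otl(text):
    """Parse every file record in an OTL report; non-record lines are skipped."""
    return [e for e in (parse_otl_line(ln) for ln in text.splitlines()) if e]


def recent_entries(entries, reference, days=7):
    """Entries created/modified within `days` before `reference`, newest first."""
    cutoff = reference - timedelta(days=days)
    hits = [e for e in entries if e["timestamp"] >= cutoff]
    return sorted(hits, key=lambda e: e["timestamp"], reverse=True)


def persistence_candidates(entries):
    """Entries whose path lies under one of the persistence locations listed above."""
    return [e for e in entries
            if any(h in e["path"].lower() for h in PERSISTENCE_HINTS)]


def triage(text, reference=SCAN_REFERENCE, days=7):
    """Summarise a report: total records, recent records, and persistence-location records."""
    entries = parse_otl(text)
    return {
        "total": len(entries),
        "recent": recent_entries(entries, reference, days),
        "persistence": persistence_candidates(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['total']} records parsed")
    print("Created/modified in the week before the scan:")
    for e in report["recent"]:
        print(f"  {e['timestamp']:%Y-%m-%d %H:%M}  {e['flag']}  {e['size']:>10}  {e['path']}")
    print("In persistence locations:")
    for e in report["persistence"]:
        print(f"  {e['path']}")
```

The recent-file list is what a reviewer actually reads first: a fake AV dropped on 11/30 would appear there alongside the legitimate Chrome and Google Update artefacts from the same evening, and the persistence list narrows the same records to the ones that matter for "it comes back within a few minutes". Both lists are only a triage aid; the timestamps in the report are what OTL observed, so the reviewer still has to judge each path.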

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Maniac,

The same thing happens when I try to run TDSSKiller as it did with aswMBR.exe. The mouse icon changes to loading and nothing happens.

Sigh, I appreciate your help. But it looks like I'll just have to get another computer. This one is beyond fixing. I am able to use it, just not surf the web.


Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

