Jump to content

Search Engine Link Redirect?


Recommended Posts

LDTate assisted me with a Trojan problem a week or so ago. While I thought we had a fix in place, I have been experiencing this type of problem: when I search using Google, and I "click" on a results link, I am redirected to some erroneous site. Sometimes if I "open the link in a new window," though, I can actually go to the intended link site, but sometimes not. I ran Anti-Maleware last night and it did not detect anything amiss. Here is the result:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.02.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

xxxxxxxxxxxxxx [administrator]

6/3/2012 6:58:51 PM

mbam-log-2012-06-03 (18-58-51).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 244970

Time elapsed: 57 minute(s), 43 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Thanks in advance for help with this. . . .

Link to post
Share on other sites

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC

Link to post
Share on other sites

Thanks Mr. Charlie.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.04.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Tony Grausso :: TONY [administrator]

6/4/2012 7:56:37 PM

mbam-log-2012-06-04 (19-56-37).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 199026

Time elapsed: 11 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1

Run by Tony Grausso at 5:54:03 on 2012-06-05

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.427 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\CLink\McciTrayApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Belkin\F5D8073\Belkinwcui.exe

C:\Program Files\internet explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: SecureBrowsing bho: {7632abca-b104-4fbc-9c70-419c4147061b} - c:\program files\m86security secure browsing\SecureBrowsing.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: M86 Security Secure Browsing: {b99f805c-f0b1-48ea-8c8b-753bfcbed913} - c:\program files\m86security secure browsing\SecureBrowsing.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

mRun: [CLink_McciTrayApp] "c:\program files\clink\McciTrayApp.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2iexp.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241711260890

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{6209BADF-7B7E-45E9-95EB-189B679EE4E2} : DhcpNameServer = 10.0.0.1

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2007-7-28 537216]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-26 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-26 40552]

S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-16 136176]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-16 136176]

.

=============== Created Last 30 ================

.

2012-06-04 23:43:50 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f27a5d87-1402-4179-82d2-c0c1f2b8074c}\mpengine.dll

2012-06-04 16:40:15 6737808 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-05-31 20:52:34 -------- d-----w- c:\program files\CLink

2012-05-31 20:48:33 -------- d-----w- c:\program files\Sprint_Activation

2012-05-31 20:48:03 -------- d-----w- c:\program files\common files\Motive

2012-05-31 16:47:21 -------- d-----w- c:\program files\Linksys

2012-05-31 16:45:30 -------- d-----w- c:\program files\WebEx

2012-05-31 16:45:19 8892928 ----a-w- c:\documents and settings\all users\application data\atscie.msi

2012-05-31 16:44:58 23984 ----a-w- c:\windows\system32\drivers\pnarp.sys

2012-05-31 16:44:51 25264 ----a-w- c:\windows\system32\drivers\purendis.sys

2012-05-31 16:44:29 -------- d-----w- c:\program files\common files\Pure Networks Shared

2012-05-31 16:43:23 -------- d-----w- c:\documents and settings\all users\application data\Pure Networks

2012-05-28 16:09:05 -------- d-----w- c:\documents and settings\tony grausso\application data\Finjan

2012-05-28 16:09:04 -------- d-----w- c:\program files\M86Security Secure Browsing

2012-05-28 16:07:02 -------- d-s---w- C:\ComboFix

2012-05-28 03:47:05 -------- d-----w- c:\documents and settings\tony grausso\local settings\application data\Sun

2012-05-28 03:00:53 -------- d-----w- c:\program files\Oracle

2012-05-28 03:00:32 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-05-28 02:45:32 -------- d-----w- c:\program files\Microsoft Security Client

2012-05-28 01:25:16 -------- d-sha-r- C:\cmdcons

2012-05-24 15:57:01 -------- d-----w- c:\documents and settings\tony grausso\application data\Malwarebytes

2012-05-24 15:56:41 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-05-24 15:56:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-24 15:56:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-24 13:13:53 -------- d-----w- c:\documents and settings\tony grausso\local settings\application data\PCHealth

2012-05-23 14:08:08 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-05-23 14:08:08 -------- d-----w- c:\windows\system32\wbem\Repository

2012-05-16 20:00:41 -------- dc----w- c:\windows\ie8

2012-05-16 19:41:23 -------- d-----w- c:\windows\system32\Adobe

.

==================== Find3M ====================

.

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 19:42:37 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-16 19:42:37 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-06 12:24:51 5486 --sha-w- c:\windows\system32\KGyGaAvL.sys

2012-04-06 12:24:41 88 --sh--r- c:\windows\system32\37AE522F6C.sys

2012-04-04 22:47:36 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-04-04 22:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

.

============= FINISH: 6:01:54.67 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 5/22/2007 7:35:49 PM

System Uptime: 6/5/2012 5:44:56 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 0XD720

Processor: Genuine Intel® CPU T2080 @ 1.73GHz | Microprocessor | 1729/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 144 GiB total, 124.031 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\21E4F961434FC000

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\21E4F961434FC000

Service: NIC1394

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.6

Belkin F5D8073 N Wireless ExpressCard Adapter

Broadcom Management Programs

Canon Easy-PhotoPrint EX

Canon MP Navigator EX 4.0

Canon MP280 series MP Drivers

Canon MP280 series User Registration

Canon My Printer

Canon Solution Menu EX

CenturyLink Help

Color LaserJet 2600n

Conexant HDA D110 MDC V.92 Modem

Corel Paint Shop Pro Photo XI

Corel Snapfire Plus

Dell Support 3.2.1

Dell System Restore

Dell Wireless WLAN Card

Digital Line Detect

Google Earth

Google Update Helper

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Format 11 SDK (KB973442)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

InterVideo XPack (DVD Only)

Java Auto Updater

Java 6 Update 26

Java 7 Update 4

JavaFX 2.1.0

M86Security Secure Browsing

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Security Client

Microsoft Security Essentials

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Windows XP Video Decoder Checkup Utility

Microsoft WinUsb 1.0

Microsoft Works

Microsoft Works 2005 Setup Launcher

Microsoft Works Suite Add-in for Microsoft Word

Modem Helper

Move Media Player

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NetWaiting

Network Magic

NVIDIA Drivers

Pure Networks Platform

QFolder

QuickSet

SearchAssist

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sonic DLA

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

swMSM

Synaptics Pointing Device Driver

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

URL Assistant

Veetle TV 0.9.18

vShare Plugin

WebEx Support Manager for Internet Explorer

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 11

Windows XP Service Pack 3

Works Upgrade

.

==== Event Viewer Messages From Past Week ========

.

6/1/2012 8:42:10 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.

6/1/2012 8:41:48 AM, error: Dhcp [1002] - The IP address lease 10.0.0.21 for the Network Card with network address 0019B971369A has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).

5/31/2012 9:27:29 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.966.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

5/31/2012 4:48:00 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

5/30/2012 7:33:35 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.966.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

.

==== End Of File ===========================

Link to post
Share on other sites

RogueKiller V7.5.3 [06/05/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Tony Grausso [Admin rights]

Mode: Scan -- Date: 06/05/2012 13:09:36

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160821AS +++++

--- User ---

[MBR] d4cb7efc21a8b522139a443bba612a9e

[bSP] 26fe7d691f9edb5d824e85e8f49dc627 : MBR Code unknown

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 147448 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 302086260 | Size: 2047 Mo

3 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 306279225 | Size: 3074 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 590bcd9574b978393149017ac1f78ad5

[bSP] 0c589c288d476e3efce03ae95c571caa : MaxSS MBR Code!

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 147448 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 302086260 | Size: 2047 Mo

3 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 306279225 | Size: 3074 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

[bSP] 0c589c288d476e3efce03ae95c571caa : MaxSS MBR Code!

Yes...RogueKiller picked it up.

-----------------------------------

Please do this......

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Link to post
Share on other sites

It would not open in safemode. Here is another DDS report set:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 5/22/2007 7:35:49 PM

System Uptime: 6/5/2012 2:31:38 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0XD720

Processor: Genuine Intel® CPU T2080 @ 1.73GHz | Microprocessor | 1729/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 144 GiB total, 123.958 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\21E4F961434FC000

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\21E4F961434FC000

Service: NIC1394

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.6

Belkin F5D8073 N Wireless ExpressCard Adapter

Broadcom Management Programs

Canon Easy-PhotoPrint EX

Canon MP Navigator EX 4.0

Canon MP280 series MP Drivers

Canon MP280 series User Registration

Canon My Printer

Canon Solution Menu EX

CenturyLink Help

Color LaserJet 2600n

Conexant HDA D110 MDC V.92 Modem

Corel Paint Shop Pro Photo XI

Corel Snapfire Plus

Dell Support 3.2.1

Dell System Restore

Dell Wireless WLAN Card

Digital Line Detect

ERUNT 1.1j

Google Earth

Google Update Helper

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Format 11 SDK (KB973442)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

InterVideo XPack (DVD Only)

Java Auto Updater

Java 6 Update 26

Java 7 Update 4

JavaFX 2.1.0

M86Security Secure Browsing

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Security Client

Microsoft Security Essentials

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Windows XP Video Decoder Checkup Utility

Microsoft WinUsb 1.0

Microsoft Works

Microsoft Works 2005 Setup Launcher

Microsoft Works Suite Add-in for Microsoft Word

Modem Helper

Move Media Player

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NetWaiting

Network Magic

NVIDIA Drivers

Pure Networks Platform

QFolder

QuickSet

SearchAssist

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sonic DLA

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

swMSM

Synaptics Pointing Device Driver

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

URL Assistant

Veetle TV 0.9.18

vShare Plugin

WebEx Support Manager for Internet Explorer

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 11

Windows XP Service Pack 3

Works Upgrade

.

==== Event Viewer Messages From Past Week ========

.

6/5/2012 2:29:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

6/5/2012 2:29:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/5/2012 2:29:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL

6/5/2012 2:29:16 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

6/5/2012 2:29:16 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

6/5/2012 2:29:16 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

6/5/2012 2:29:16 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

6/1/2012 8:41:48 AM, error: Dhcp [1002] - The IP address lease 10.0.0.21 for the Network Card with network address 0019B971369A has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).

5/31/2012 9:27:29 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.966.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

5/30/2012 7:33:35 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.966.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

5/29/2012 2:48:01 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

5/29/2012 2:34:14 PM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1

Run by Tony Grausso at 14:40:40 on 2012-06-05

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.452 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\CLink\McciTrayApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Belkin\F5D8073\Belkinwcui.exe

C:\Program Files\internet explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: SecureBrowsing bho: {7632abca-b104-4fbc-9c70-419c4147061b} - c:\program files\m86security secure browsing\SecureBrowsing.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: M86 Security Secure Browsing: {b99f805c-f0b1-48ea-8c8b-753bfcbed913} - c:\program files\m86security secure browsing\SecureBrowsing.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

mRun: [CLink_McciTrayApp] "c:\program files\clink\McciTrayApp.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\tonygr~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2iexp.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241711260890

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{6209BADF-7B7E-45E9-95EB-189B679EE4E2} : DhcpNameServer = 10.0.0.1

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2007-7-28 537216]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-26 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-26 40552]

S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-16 136176]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-16 136176]

.

=============== Created Last 30 ================

.

2012-06-04 23:43:50 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f27a5d87-1402-4179-82d2-c0c1f2b8074c}\mpengine.dll

2012-06-04 16:40:15 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-05-31 20:52:34 -------- d-----w- c:\program files\CLink

2012-05-31 20:48:33 -------- d-----w- c:\program files\Sprint_Activation

2012-05-31 20:48:03 -------- d-----w- c:\program files\common files\Motive

2012-05-31 16:47:21 -------- d-----w- c:\program files\Linksys

2012-05-31 16:45:30 -------- d-----w- c:\program files\WebEx

2012-05-31 16:45:19 8892928 ----a-w- c:\documents and settings\all users\application data\atscie.msi

2012-05-31 16:44:58 23984 ----a-w- c:\windows\system32\drivers\pnarp.sys

2012-05-31 16:44:51 25264 ----a-w- c:\windows\system32\drivers\purendis.sys

2012-05-31 16:44:29 -------- d-----w- c:\program files\common files\Pure Networks Shared

2012-05-31 16:43:23 -------- d-----w- c:\documents and settings\all users\application data\Pure Networks

2012-05-28 16:09:05 -------- d-----w- c:\documents and settings\tony grausso\application data\Finjan

2012-05-28 16:09:04 -------- d-----w- c:\program files\M86Security Secure Browsing

2012-05-28 16:07:02 -------- d-s---w- C:\ComboFix

2012-05-28 03:47:05 -------- d-----w- c:\documents and settings\tony grausso\local settings\application data\Sun

2012-05-28 03:00:53 -------- d-----w- c:\program files\Oracle

2012-05-28 03:00:32 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-05-28 02:45:32 -------- d-----w- c:\program files\Microsoft Security Client

2012-05-28 01:25:16 -------- d-sha-r- C:\cmdcons

2012-05-24 15:57:01 -------- d-----w- c:\documents and settings\tony grausso\application data\Malwarebytes

2012-05-24 15:56:41 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-05-24 15:56:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-24 15:56:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-24 13:13:53 -------- d-----w- c:\documents and settings\tony grausso\local settings\application data\PCHealth

2012-05-23 14:08:08 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-05-23 14:08:08 -------- d-----w- c:\windows\system32\wbem\Repository

2012-05-16 20:00:41 -------- dc----w- c:\windows\ie8

2012-05-16 19:41:23 -------- d-----w- c:\windows\system32\Adobe

.

==================== Find3M ====================

.

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 19:42:37 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-16 19:42:37 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-06 12:24:51 5486 --sha-w- c:\windows\system32\KGyGaAvL.sys

2012-04-06 12:24:41 88 --sh--r- c:\windows\system32\37AE522F6C.sys

2012-04-04 22:47:36 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-04-04 22:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

.

============= FINISH: 14:48:14.35 ===============

While the scan shows AVG Anti-Virus Free Edition 2012 *Enabled/Updated*, I did remove this (twice) using AppRemover after uninstalling.

Link to post
Share on other sites

OK, I see you have run ComboFix and it's still on the system.

When was the last time you ran ComboFix? any logs you can post?

DDS is just for information and we can't use it to correct anything.

----------------

See if you can do this.....

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Link to post
Share on other sites

LDTate had me run ComboFix to help fix a trojan problem a week ago, although I had unistalled ComboFix via his instruction, or so I thought. I do not have any logs/reports to share. But here are the two OTL reports:

OTL logfile created on: 6/5/2012 3:17:48 PM - Run 1

OTL by OldTimer - Version 3.2.46.1 Folder = C:\Documents and Settings\Tony Grausso\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 473.25 Mb Available Physical Memory | 46.29% Memory free

2.40 Gb Paging File | 1.93 Gb Available in Paging File | 80.14% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 143.99 Gb Total Space | 123.96 Gb Free Space | 86.09% Space Free | Partition Type: NTFS

Computer Name: TONY | User Name: Tony Grausso | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/05 15:16:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony Grausso\Desktop\OTL.exe

PRC - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2012/02/13 16:00:00 | 001,899,520 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\CLink\McciTrayApp.exe

PRC - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

PRC - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/12/05 10:56:50 | 001,736,704 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D8073\Belkinwcui.exe

========== Modules (No Company Name) ==========

MOD - [2009/04/07 15:39:32 | 000,394,752 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll

MOD - [2009/04/07 15:39:32 | 000,282,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll

MOD - [2007/11/21 15:48:32 | 000,200,704 | ---- | M] () -- C:\Program Files\Belkin\F5D8073\BelkinwcuiDLL.dll

MOD - [2007/03/30 16:00:44 | 000,081,920 | ---- | M] () -- C:\Program Files\Belkin\F5D8073\BelkinHWStatus.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/03/16 10:38:13 | 000,136,176 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdatem) Google Update Service (gupdatem)

SRV - [2012/03/16 10:38:13 | 000,136,176 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)

SRV - [2011/07/20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)

SRV - [2008/07/29 19:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)

SRV - [2008/07/29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2008/04/13 20:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)

SRV - [2008/04/13 20:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)

SRV - [2008/04/13 20:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)

SRV - [2008/04/13 20:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)

SRV - [2008/04/13 20:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)

SRV - [2006/11/22 18:35:50 | 000,020,480 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)

SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006/10/18 21:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2006/03/21 07:03:00 | 000,143,428 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\zumbus.sys -- (zumbus)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2012/02/13 15:59:46 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2012/02/13 15:59:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2009/04/07 15:33:08 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)

DRV - [2009/04/07 15:33:08 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)

DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)

DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)

DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)

DRV - [2008/04/13 14:41:22 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\i2omp.sys -- (i2omp)

DRV - [2008/04/13 14:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde)

DRV - [2008/04/13 14:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)

DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)

DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)

DRV - [2008/04/13 14:36:40 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\viaagp.sys -- (viaagp)

DRV - [2008/04/13 14:36:39 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\agpcpq.sys -- (agpCPQ)

DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)

DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)

DRV - [2008/04/13 14:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\alim1541.sys -- (alim1541)

DRV - [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\agp440.sys -- (agp440)

DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)

DRV - [2007/07/28 15:48:40 | 000,537,216 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)

DRV - [2006/11/22 18:34:36 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)

DRV - [2006/08/25 01:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2005/10/14 09:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2005/10/14 09:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2005/10/14 09:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)

DRV - [2005/07/21 21:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2005/07/21 21:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2005/07/21 21:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2004/08/04 06:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)

DRV - [2004/08/04 06:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)

DRV - [2004/08/04 06:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)

DRV - [2004/02/13 10:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)

DRV - [2001/08/17 15:07:44 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\hpn.sys -- (hpn)

DRV - [2001/08/17 15:07:44 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o)

DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)

DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)

DRV - [2001/08/17 15:07:42 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\perc2hib.sys -- (perc2hib)

DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)

DRV - [2001/08/17 15:07:40 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\perc2.sys -- (perc2)

DRV - [2001/08/17 15:07:38 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aic78xx.sys -- (aic78xx)

DRV - [2001/08/17 15:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aic78u2.sys -- (aic78u2)

DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)

DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)

DRV - [2001/08/17 15:07:32 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)

DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)

DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)

DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)

DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)

DRV - [2001/08/17 14:52:16 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1240.sys -- (ql1240)

DRV - [2001/08/17 14:52:16 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql10wnt.sys -- (Ql10wnt)

DRV - [2001/08/17 14:52:16 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dac960nt.sys -- (dac960nt)

DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)

DRV - [2001/08/17 14:52:08 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ini910u.sys -- (ini910u)

DRV - [2001/08/17 14:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)

DRV - [2001/08/17 14:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf)

DRV - [2001/08/17 14:52:06 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray)

DRV - [2001/08/17 14:52:06 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cd20xrnt.sys -- (cd20xrnt)

DRV - [2001/08/17 14:52:04 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc3350p.sys -- (asc3350p)

DRV - [2001/08/17 14:52:04 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\amsint.sys -- (amsint)

DRV - [2001/08/17 14:52:02 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aha154x.sys -- (Aha154x)

DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)

DRV - [2001/08/17 14:52:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ABP480N5.SYS -- (abp480n5)

DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)

DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)

DRV - [2001/08/17 14:51:56 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\toside.sys -- (TosIde)

DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070518

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070518

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070518

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070518

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Tony Grausso\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Tony Grausso\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Tony Grausso\Application Data\Move Networks [2010/01/20 16:53:20 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/05/28 10:40:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (SecureBrowsing bho) - {7632ABCA-B104-4fbc-9C70-419C4147061B} - C:\Program Files\M86Security Secure Browsing\SecureBrowsing.dll (M86Security LTD)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (M86 Security Secure Browsing) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - C:\Program Files\M86Security Secure Browsing\SecureBrowsing.dll (M86Security LTD)

O3 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\..\Toolbar\WebBrowser: (M86 Security Secure Browsing) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - C:\Program Files\M86Security Secure Browsing\SecureBrowsing.dll (M86Security LTD)

O4 - HKLM..\Run: [CLink_McciTrayApp] C:\Program Files\CLink\McciTrayApp.exe (Alcatel-Lucent)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)

O4 - Startup: C:\Documents and Settings\Tony Grausso\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll File not found

O15 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241711260890 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6209BADF-7B7E-45E9-95EB-189B679EE4E2}: DhcpNameServer = 10.0.0.1

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)

O18 - Protocol\Handler\vsharechrome - No CLSID value found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 () - file:///C:/DOCUME~1/TONYGR~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

O24 - Desktop Components:1 (My Current Home Page) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/05 15:16:15 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tony Grausso\Desktop\OTL.exe

[2012/06/05 13:28:02 | 002,127,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tony Grausso\Desktop\explorer.exe.exe

[2012/06/05 13:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

[2012/06/05 13:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/06/05 13:24:16 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Tony Grausso\Desktop\erunt_setup.exe

[2012/06/05 13:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony Grausso\Desktop\RK_Quarantine

[2012/06/04 20:07:22 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Tony Grausso\Desktop\aswMBR.exe

[2012/06/04 14:12:14 | 009,989,040 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Tony Grausso\Desktop\AppRemover.exe

[2012/06/04 13:52:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Tony Grausso\Desktop\dds.com

[2012/05/31 16:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony Grausso\Application Data\Motive

[2012/05/31 16:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CenturyLink Help

[2012/05/31 16:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\CLink

[2012/05/31 16:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sprint_Activation

[2012/05/31 16:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive

[2012/05/31 16:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive

[2012/05/31 12:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys

[2012/05/31 12:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx

[2012/05/31 12:44:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE

[2012/05/31 12:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared

[2012/05/31 12:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks

[2012/05/28 12:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony Grausso\Application Data\Finjan

[2012/05/28 12:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\M86Security Secure Browsing

[2012/05/28 12:07:02 | 000,000,000 | --SD | C] -- C:\ComboFix

[2012/05/28 12:04:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012/05/27 23:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony Grausso\Local Settings\Application Data\Sun

[2012/05/27 23:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/05/27 23:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle

[2012/05/27 23:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony Grausso\Application Data\Oracle

[2012/05/27 22:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/05/27 22:28:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2012/05/27 21:25:16 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012/05/27 20:56:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/05/27 18:30:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012/05/27 18:27:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tony Grausso\Start Menu\Programs\Administrative Tools

[2012/05/24 14:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/05/24 11:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony Grausso\Application Data\Malwarebytes

[2012/05/24 11:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/05/24 11:56:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/05/24 11:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/05/24 09:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony Grausso\Local Settings\Application Data\PCHealth

[2012/05/23 20:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2012/05/23 20:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2012/05/23 10:05:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tony Grausso\Recent

[2012/05/16 16:00:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8

[2012/05/16 15:41:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe

[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/05 15:16:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony Grausso\Desktop\OTL.exe

[2012/06/05 15:12:13 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2012/06/05 15:06:36 | 000,443,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/06/05 15:06:36 | 000,072,582 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/06/05 15:02:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/06/05 15:02:14 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/06/05 15:02:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/06/05 15:02:04 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/05 14:48:01 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/06/05 13:28:08 | 002,127,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tony Grausso\Desktop\explorer.exe.exe

[2012/06/05 13:26:22 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2012/06/05 13:26:17 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Desktop\NTREGOPT.lnk

[2012/06/05 13:26:17 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Desktop\ERUNT.lnk

[2012/06/05 13:24:29 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Tony Grausso\Desktop\erunt_setup.exe

[2012/06/05 13:08:22 | 001,516,032 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Desktop\RogueKiller.exe

[2012/06/05 05:52:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\defogger_reenable

[2012/06/04 20:07:27 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Tony Grausso\Desktop\aswMBR.exe

[2012/06/04 19:54:12 | 002,108,959 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Desktop\abckiller.com

[2012/06/04 19:44:14 | 000,397,389 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Desktop\MiniToolBox.exe

[2012/06/04 14:12:25 | 009,989,040 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Tony Grausso\Desktop\AppRemover.exe

[2012/06/04 13:52:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Tony Grausso\Desktop\dds.com

[2012/06/04 13:36:20 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Desktop\Defogger.exe

[2012/06/02 05:08:22 | 000,017,781 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001

[2012/05/31 12:45:28 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi

[2012/05/28 10:40:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/05/27 22:46:12 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2012/05/27 21:25:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2012/05/27 20:46:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/05/26 13:55:59 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2012/05/25 13:32:54 | 000,062,940 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2012/05/24 11:56:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/23 09:43:41 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk

[2012/05/23 09:43:41 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-zbKPpNp4NTSbMRr

[2012/05/23 09:43:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-zbKPpNp4NTSbMR

[2012/05/16 16:28:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/05/16 16:12:41 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/05/09 12:20:26 | 000,191,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/05/09 11:30:09 | 000,153,774 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Desktop\Seagrove Soap Fundraiser Seller Order Form Spring -Summer 2012 V2.pdf

[2012/05/09 11:20:42 | 000,099,484 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Desktop\Seagrove Fundraiser Agreement Spring - Summer 2012 (1).pdf

[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/05 14:32:01 | 1072,103,424 | -HS- | C] () -- C:\hiberfil.sys

[2012/06/05 13:26:22 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2012/06/05 13:26:17 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Desktop\NTREGOPT.lnk

[2012/06/05 13:26:17 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Desktop\ERUNT.lnk

[2012/06/05 13:08:20 | 001,516,032 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Desktop\RogueKiller.exe

[2012/06/05 05:52:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\defogger_reenable

[2012/06/04 19:54:09 | 002,108,959 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Desktop\abckiller.com

[2012/06/04 19:43:59 | 000,397,389 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Desktop\MiniToolBox.exe

[2012/06/04 13:36:19 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Desktop\Defogger.exe

[2012/05/31 12:45:19 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi

[2012/05/27 22:55:52 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2012/05/27 22:45:54 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/05/27 21:25:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2012/05/27 21:25:21 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2012/05/24 11:56:46 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/23 20:23:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/05/23 16:25:27 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk

[2012/05/23 16:25:27 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2012/05/23 09:43:41 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-zbKPpNp4NTSbMRr

[2012/05/23 09:43:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-zbKPpNp4NTSbMR

[2012/05/09 11:30:09 | 000,153,774 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Desktop\Seagrove Soap Fundraiser Seller Order Form Spring -Summer 2012 V2.pdf

[2012/05/09 11:20:42 | 000,099,484 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Desktop\Seagrove Fundraiser Agreement Spring - Summer 2012 (1).pdf

[2012/04/16 12:17:48 | 000,017,407 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Local Settings\Application Data\dt.dat

[2012/02/15 09:45:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== LOP Check ==========

[2011/11/14 12:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2011/11/14 13:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP

[2011/11/14 13:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2

[2011/11/14 12:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup

[2011/11/14 13:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter

[2012/03/10 10:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan

[2011/11/14 13:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX

[2011/11/14 13:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt

[2012/02/18 12:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2012/04/16 11:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2012/04/16 12:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2009/07/29 13:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

[2012/04/16 11:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony Grausso\Application Data\AVG2012

[2012/03/10 10:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony Grausso\Application Data\Canon

[2012/05/28 12:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony Grausso\Application Data\Finjan

[2010/04/07 09:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony Grausso\Application Data\InterVideo

[2010/03/12 20:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony Grausso\Application Data\Leadertech

[2012/05/27 23:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony Grausso\Application Data\Oracle

[2010/11/07 16:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony Grausso\Application Data\vShare

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 6/5/2012 3:17:48 PM - Run 1

OTL by OldTimer - Version 3.2.46.1 Folder = C:\Documents and Settings\Tony Grausso\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 473.25 Mb Available Physical Memory | 46.29% Memory free

2.40 Gb Paging File | 1.93 Gb Available in Paging File | 80.14% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 143.99 Gb Total Space | 123.96 Gb Free Space | 86.09% Space Free | Partition Type: NTFS

Computer Name: TONY | User Name: Tony Grausso | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2183708541-3629148959-1070128526-1006\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client

"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 26

"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4

"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs

"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5BA1D11C-B981-4CAA-B2B5-B8ADF413EBA5}" = Pure Networks Platform

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{6CA19AED-BDAE-4874-A9A3-BE1D03EC40A9}" = Belkin F5D8073 N Wireless ExpressCard Adapter

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo XPack (DVD Only)

"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1

"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"Canon MP280 series User Registration" = Canon MP280 series User Registration

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenuEX" = Canon Solution Menu EX

"CLink" = CenturyLink Help

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"ERUNT_is1" = ERUNT 1.1j

"Finjan Secure Browsing" = M86Security Secure Browsing

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP-Color LaserJet 2600n" = Color LaserJet 2600n

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{6CA19AED-BDAE-4874-A9A3-BE1D03EC40A9}" = Belkin F5D8073 N Wireless ExpressCard Adapter

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Client" = Microsoft Security Essentials

"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Network MagicUninstall" = Network Magic

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"SearchAssist" = SearchAssist

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Veetle TV" = Veetle TV 0.9.18

"vShare" = vShare Plugin

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"winusb0100" = Microsoft WinUsb 1.0

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Works2005Setup" = Microsoft Works 2005 Setup Launcher

"WUDF01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2183708541-3629148959-1070128526-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/27/2012 7:38:44 AM | Computer Name = TONY | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0,

P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 5/27/2012 7:38:54 AM | Computer Name = TONY | Source = Microsoft Security Client | ID = 5000

Description =

Error - 5/27/2012 5:23:56 PM | Computer Name = TONY | Source = WinMgmt | ID = 28

Description = WinMgmt could not initialize the core parts. This could be due to

a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient

disk space or insufficient memory.

Error - 5/27/2012 10:40:41 PM | Computer Name = TONY | Source = Microsoft Security Client | ID = 5000

Description =

Error - 5/27/2012 10:40:59 PM | Computer Name = TONY | Source = Microsoft Security Client | ID = 5000

Description =

Error - 5/27/2012 10:45:46 PM | Computer Name = TONY | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0,

P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 5/28/2012 9:15:17 AM | Computer Name = TONY | Source = MPSampleSubmission | ID = 5000

Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P2 1.1.8403.0, P3 1.127.848.0, P4 1.127.848.0, P5 200015b3e9679dd8_9cca347a4659301f89105a5433539e9cad150c69,

P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 5/30/2012 8:50:26 AM | Computer Name = TONY | Source = Application Error | ID = 1000

Description = Faulting application javara.exe, version 1.16.1.1763, faulting module

ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

Error - 6/4/2012 10:30:51 AM | Computer Name = TONY | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module unknown, version 0.0.0.0, fault address 0x0112905d.

Error - 6/4/2012 2:17:18 PM | Computer Name = TONY | Source = Application Hang | ID = 1002

Description = Hanging application appRemoverCore.exe, version 2.2.25.1, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]

Error - 5/9/2012 11:30:58 AM | Computer Name = TONY | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 601

seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 6/5/2012 2:29:16 PM | Computer Name = TONY | Source = Service Control Manager | ID = 7001

Description = The TCP/IP NetBIOS Helper service depends on the AFD service which

failed to start because of the following error: %%31

Error - 6/5/2012 2:29:16 PM | Computer Name = TONY | Source = Service Control Manager | ID = 7001

Description = The IPSEC Services service depends on the IPSEC driver service which

failed to start because of the following error: %%31

Error - 6/5/2012 2:29:16 PM | Computer Name = TONY | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AFD APPDRV Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL

Error - 6/5/2012 2:29:21 PM | Computer Name = TONY | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/5/2012 2:29:51 PM | Computer Name = TONY | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service netman with

arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/5/2012 2:30:52 PM | Computer Name = TONY | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service netman with

arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/5/2012 2:31:05 PM | Computer Name = TONY | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/5/2012 2:32:11 PM | Computer Name = TONY | Source = Service Control Manager | ID = 7000

Description = The Zune Bus Enumerator Driver service failed to start due to the

following error: %%2

Error - 6/5/2012 2:34:26 PM | Computer Name = TONY | Source = DCOM | ID = 10010

Description = The server {BA126AE5-2166-11D1-B1D0-00805FC1270E} did not register

with DCOM within the required timeout.

Error - 6/5/2012 3:02:16 PM | Computer Name = TONY | Source = Service Control Manager | ID = 7000

Description = The Zune Bus Enumerator Driver service failed to start due to the

following error: %%2

< End of report >

Link to post
Share on other sites

Not much showing......

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    [2012/05/28 12:07:02 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/05/23 09:43:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-zbKPpNp4NTSbMR
    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

Link to post
Share on other sites

Here is the OTL log:

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-2183708541-3629148959-1070128526-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.

C:\ComboFix folder moved successfully.

C:\Documents and Settings\All Users\Application Data\-zbKPpNp4NTSbMR moved successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner

User: Tony Grausso

->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 41620 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 3571846 bytes

->Flash cache emptied: 17786 bytes

User: NetworkService

->Temp folder emptied: 25986 bytes

->Temporary Internet Files folder emptied: 1310854 bytes

->Flash cache emptied: 3040 bytes

User: Owner

->Temp folder emptied: 0 bytes

User: Tony Grausso

->Temp folder emptied: 131620 bytes

->Temporary Internet Files folder emptied: 19898882 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 1959350 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 1206508 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 163085 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 27.00 mb

OTL by OldTimer - Version 3.2.46.1 log created on 06062012_121501

Files\Folders moved on Reboot...

C:\Documents and Settings\Tony Grausso\Local Settings\Temporary Internet Files\Content.IE5\9JZLKEFK\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

C:\Documents and Settings\Tony Grausso\Local Settings\Temporary Internet Files\Content.IE5\95225KGM\index[1].htm moved successfully.

C:\Documents and Settings\Tony Grausso\Local Settings\Temporary Internet Files\Content.IE5\1KEJYIGS\fastbutton[1].htm moved successfully.

File move failed. C:\Documents and Settings\Tony Grausso\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

I see a "file move failed" in the report. When I rebooted, I did see a window indicating a program wanted to run on start-up (OTL.exe) but I did not allow it to do so. Should I re-attempt this again, and let it run?

Thanks.

Link to post
Share on other sites

I re-ran OTL and allowed it to run on reboot. Here is the report for it:

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-2183708541-3629148959-1070128526-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.

Folder C:\ComboFix\ not found.

File C:\Documents and Settings\All Users\Application Data\-zbKPpNp4NTSbMR not found.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner

User: Tony Grausso

->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 6100 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: Owner

->Temp folder emptied: 0 bytes

User: Tony Grausso

->Temp folder emptied: 33546 bytes

->Temporary Internet Files folder emptied: 21550799 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 1307 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 4656 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 21.00 mb

OTL by OldTimer - Version 3.2.46.1 log created on 06062012_123125

Files\Folders moved on Reboot...

C:\Documents and Settings\Tony Grausso\Local Settings\Temporary Internet Files\Content.IE5\LNKJV9NX\index[1].htm moved successfully.

C:\Documents and Settings\Tony Grausso\Local Settings\Temporary Internet Files\Content.IE5\GEE4ADJF\fastbutton[1].htm moved successfully.

C:\Documents and Settings\Tony Grausso\Local Settings\Temporary Internet Files\Content.IE5\GEE4ADJF\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

File\Folder C:\Documents and Settings\Tony Grausso\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat not found!

Registry entries deleted on Reboot...

Link to post
Share on other sites

TDSSKiller is what we really want to run, see if this runs...

Download aswMBR to your desktop.

http://public.avast....erek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Please zip it up and attach it to your next post.

MrC

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.