
Cannot remove TR/Crypt.Epack.Gen2 - Help is urgently needed please.


MJ1980

Hello,

I have recently been infected with various Trojans and malware and have been able to successfully delete most of them with the Malwarebytes download. This was about 3 days ago. However, there is a persistent one that I cannot remove. Yesterday I downloaded and scanned with SUPERAntiSpyware and it found 95 threats! I deleted them, but this morning my laptop is running at a snail's pace once again and my Avira AntiVirus is detecting TR/Crypt.Epack.Gen2. I have Windows Vista Home Premium.

I would greatly appreciate any help you can give me on removing this. My laptop is running so slowly it has taken me no less than 4 hours just to register on this site and post this message.

I am no computer whizz; therefore, step-by-step instructions for computer dummies would be helpful.

Thanks very much in advance.


Hello MJ1980

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the following:

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait until the scanner has finished, then go to File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get the following warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


Hi, first of all thanks very much for your reply. :)

I followed your instructions and pasted everything below but when I sent it, I was told it was too long. Therefore, I have attached all the requested files instead. There was indeed lots of data.

In regards to the Rootkit Unhooker, I downloaded and ran it and it scanned the Drivers and Stealth Code, but when it prompted me to scan the C:\ drive it did not do anything for hours. I have attached a screenshot of how it was left for at least 4 hours, by which time I cancelled the scan. Then it proceeded to scan the Code Hooks and then gave the report that I have also attached.

So, I am not sure if I will have to run it again as the Files did not get scanned by RkU.

Please advise on next step and thanks again very much for your help.

OTL.Txt

Extras.Txt

post-54514-1286576632_thumb.jpg

RkU_Report.txt


No, what you have is fine.

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capability to allow a hacker to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean it, please do the following:

===================

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon, as they may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Hi again,

As always thanks again for your quick reply.

Since I don't use my laptop for any Internet Banking, I didn't go down the route of a reformat, as you suggested as one of the options. I have deleted and backed up any sensitive info and run ComboFix.exe.

I have attached the log as requested.

I understand that it has not necessarily 'cleaned' my system 100%.

Is there anything else now I should be doing or looking out for?

I appreciate your time.

ComboFix.txt


You are welcome. For now let's get it clean, then I can give you some prevention instructions.

1. Open notepad and copy/paste the text in the codebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=64347&st=0entry325129

Collect::
C:\Windows\System32\drivers\lmdhqmcl.sys
C:\Windows\System32\drivers\vntkmsam.sys

Driver::
9a59da2c72c02de6
9ad88899195a1e70
ea1d247d707580e1
lmdhqmcl
vntkmsam

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\9a59da2c72c02de6]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\9ad88899195a1e70]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ea1d247d707580e1]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lmdhqmcl]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vntkmsam]

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

2. Save the above as CFScript.txt

3. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScriptB-4.gif

4. During this run Combofix will collect and automatically upload some sample files.

You will see it say Combofix needs to upload some samples.

If it fails to do that do the requested steps at the bottom of this post to manually upload the samples.

5. After reboot (in case it asks to reboot), please post the following report/log into your next reply:

  • Combofix.txt

===========

Note::

If Combofix fails to upload anything please do the following:

Go to Start > Computer > C:\

Then Navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip

Click Here to upload the submit.zip please.


Hi,

Here is the log as requested. The file name is ComboFix-quarantined-files.txt. Hope it is the log you require:

2010-10-09 20:17:54 . 2010-10-09 20:17:54 842 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SetPanel.reg.dat

2010-10-09 20:17:47 . 2010-10-09 20:17:47 922 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-QuickTime Task.reg.dat

2010-10-09 20:16:37 . 2010-10-09 20:16:37 854 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-ALaunch.reg.dat

2010-10-09 20:15:46 . 2010-10-09 20:15:46 103 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-eRecoveryService.reg.dat

2010-10-09 20:15:42 . 2010-10-09 20:15:42 96 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Acer Tour.reg.dat

2010-10-09 20:15:33 . 2010-10-09 20:15:33 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Acer Tour Reminder.reg.dat

2010-10-09 20:04:56 . 2010-10-09 20:04:56 11,730 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2010-10-09 19:44:34 . 2010-10-09 19:55:02 113 ----a-w- C:\Qoobox\Quarantine\catchme.log

2010-01-24 19:27:55 . 2009-05-11 09:12:24 28,520 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\Drivers\ssmdrv.sys.vir

Thanks!


Btw, after I dragged the CFScript.txt onto the icon, it did not say 'ComboFix needs to upload some files'.

I did the steps by navigating to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip but could not find it. I clicked on the link you provided but it just directed me to the Bleeping Computer website to register. So not sure if I have done the right thing?


Sorry if I am being dumb :lol:

It did reboot when I initially dragged the notepad txt onto the icon and the only log I THINK it created is the following:

-------- 2010-10-09 - 20:44:35 -------------

-------- 2010-10-09 - 20:52:02 -------------

error: 31

The above log I found in C:\Qoobox\Quarantine and saved as Catchme.log.

Also, I cannot find any file in C:\ with the name ComboFix.

Hmm, that first log, was it a log produced on reboot?

Check here as well: C:\Combofix\combofix.txt or log.txt


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Services
    1e62ab55fc84d9f8
    7e126a7de2247c2b
    b18c9a99bc6f5291
    b7202cb9d615f1fd

    :Files
    c:\windows\system32\drivers\lmdhqmcl.sys
    c:\windows\system32\drivers\vntkmsam.sys

    :Reg
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\1e62ab55fc84d9f8]
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\7e126a7de2247c2b]
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\b18c9a99bc6f5291]
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\b7202cb9d615f1fd]

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

================================Malwarebytes' Anti-Malware=================================

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

================================Online scan=================================

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the following options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

</gr_replreplace>

<gr_replace lines="578-641" cat="remove_boilerplate" orig="Run OTL">

Hi there,

Please find the logs pasted below as requested:

OTL:

All processes killed

========== SERVICES/DRIVERS ==========

Service 1e62ab55fc84d9f8 stopped successfully!

Service 1e62ab55fc84d9f8 deleted successfully!

Service 7e126a7de2247c2b stopped successfully!

Service 7e126a7de2247c2b deleted successfully!

Service b18c9a99bc6f5291 stopped successfully!

Service b18c9a99bc6f5291 deleted successfully!

Service b7202cb9d615f1fd stopped successfully!

Service b7202cb9d615f1fd deleted successfully!

========== FILES ==========

c:\windows\system32\drivers\lmdhqmcl.sys moved successfully.

File\Folder c:\windows\system32\drivers\vntkmsam.sys not found.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\system\ControlSet001\Services\1e62ab55fc84d9f8\ not found.

Registry key HKEY_LOCAL_MACHINE\system\ControlSet001\Services\7e126a7de2247c2b\ not found.

Registry key HKEY_LOCAL_MACHINE\system\ControlSet001\Services\b18c9a99bc6f5291\ not found.

Registry key HKEY_LOCAL_MACHINE\system\ControlSet001\Services\b7202cb9d615f1fd\ not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Margie

->Temp folder emptied: 835261 bytes

->Temporary Internet Files folder emptied: 2867180 bytes

->Java cache emptied: 51416827 bytes

->FireFox cache emptied: 47759490 bytes

->Flash cache emptied: 12580016 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1264 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 110.00 mb

OTL by OldTimer - Version 3.2.14.1 log created on 10122010_112439

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

MBAM:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4799

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

12/10/2010 11:43:00

mbam-log-2010-10-12 (11-43-00).txt

Scan type: Quick scan

Objects scanned: 141827

Time elapsed: 11 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Thank you. :(

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Services
    1e62ab55fc84d9f8
    7e126a7de2247c2b
    b18c9a99bc6f5291
    b7202cb9d615f1fd

    :Files
    c:\windows\system32\drivers\lmdhqmcl.sys
    c:\windows\system32\drivers\vntkmsam.sys

    :Reg
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\1e62ab55fc84d9f8]
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\7e126a7de2247c2b]
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\b18c9a99bc6f5291]
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\b7202cb9d615f1fd]

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

================================Malwarebytes' Anti-Malware=================================

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

================================Online scan=================================

* Go here to run an online scannner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites
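The OTL fix log posted above reports each target on its own line ("Service X deleted successfully!", "X moved successfully.", "File\Folder X not found.", "Registry key X not found."). The following Python script is an added example, not part of this thread or of OTL (OldTimer Tools): it parses a log in that format and summarises what was actually removed, what was moved to quarantine, and which targets were already gone. It also flags service names that look randomly generated (16 lowercase hex characters, the shape of the names targeted in the fix); that check is a heuristic assumed here, not something OTL reports. The sample is a constructed subset of the posted log.

```python
"""Summarise an OTL fix log: what was removed, what was already gone.

Added example for this thread; it is not part of OTL (OldTimer Tools). It
assumes only the line shapes visible in the log posted above.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the fix log posted above, in OTL's format.
SAMPLE_OTL_LOG = r"""
All processes killed
========== SERVICES/DRIVERS ==========
Service 1e62ab55fc84d9f8 stopped successfully!
Service 1e62ab55fc84d9f8 deleted successfully!
Service 7e126a7de2247c2b stopped successfully!
Service 7e126a7de2247c2b deleted successfully!
========== FILES ==========
c:\windows\system32\drivers\lmdhqmcl.sys moved successfully.
File\Folder c:\windows\system32\drivers\vntkmsam.sys not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\system\ControlSet001\Services\1e62ab55fc84d9f8\ not found.
Registry key HKEY_LOCAL_MACHINE\system\ControlSet001\Services\7e126a7de2247c2b\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
"""

SERVICE_RE = re.compile(r"^Service (\S+) (stopped|deleted) successfully!$")
FILE_OK_RE = re.compile(r"^(.+?) moved successfully\.$")
FILE_MISSING_RE = re.compile(r"^File\\Folder (.+?) not found\.$")
REG_OK_RE = re.compile(r"^Registry key (.+?) deleted successfully\.$")
REG_MISSING_RE = re.compile(r"^Registry key (.+?) not found\.$")
# Heuristic assumed here (not an OTL rule): the service names targeted in this
# thread are 16 lowercase hex characters, a shape worth flagging on its own.
RANDOM_NAME_RE = re.compile(r"^[0-9a-f]{16}$")


def parse_otl_fix_log(text):
    """Return {'services': {name: {actions}}, 'files': {path: status},
    'registry': {key: status}} for the recognised lines; others are skipped."""
    report = {"services": defaultdict(set), "files": {}, "registry": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=="):
            continue
        if m := SERVICE_RE.match(line):
            report["services"][m.group(1)].add(m.group(2))
        elif m := FILE_MISSING_RE.match(line):
            report["files"][m.group(1).lower()] = "not found"
        elif m := FILE_OK_RE.match(line):
            report["files"][m.group(1).lower()] = "moved"
        elif m := REG_OK_RE.match(line):
            report["registry"][m.group(1).rstrip("\\")] = "deleted"
        elif m := REG_MISSING_RE.match(line):
            report["registry"][m.group(1).rstrip("\\")] = "not found"
    report["services"] = dict(report["services"])
    return report


def removed_services(report):
    """Services the fix reported as deleted."""
    return sorted(n for n, a in report["services"].items() if "deleted" in a)


def random_named_services(report):
    """Service names matching the random-name heuristic above."""
    return sorted(n for n in report["services"] if RANDOM_NAME_RE.match(n))


def unresolved_targets(report):
    """Targets the fix could not act on ('not found'). A missing registry key
    right after its service was deleted is expected; a missing file means an
    earlier tool already took it or the name in the fix was stale."""
    missing = [p for p, s in report["files"].items() if s == "not found"]
    missing += [k for k, s in report["registry"].items() if s == "not found"]
    return sorted(missing)


def summary_lines(report):
    """Human-readable summary, one line per finding."""
    lines = [f"services deleted: {', '.join(removed_services(report)) or 'none'}"]
    lines.append(f"random-looking service names: "
                 f"{', '.join(random_named_services(report)) or 'none'}")
    moved = [p for p, s in report["files"].items() if s == "moved"]
    lines.append(f"files moved to quarantine: {', '.join(moved) or 'none'}")
    for target in unresolved_targets(report):
        lines.append(f"not found (nothing to do): {target}")
    return lines


if __name__ == "__main__":
    print("\n".join(summary_lines(parse_otl_fix_log(SAMPLE_OTL_LOG))))
```

Read against the full log above, the "not found" lines for the four Services keys are consistent with the :Services deletion having already removed those keys, so they are not a sign the fix failed; the one file that was not found (vntkmsam.sys) is the item to look for in the next scanner's log.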

Here it is:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=af52f7e84d7a8948ba300e15870f4ff1

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-10-12 03:07:30

# local_time=2010-10-12 04:07:30 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=9

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=1797 16775165 100 94 4607 59540382 63543 0

# compatibility_mode=5892 16776573 100 100 328719 124418595 0 0

# compatibility_mode=8192 67108863 100 0 178 178 0 0

# scanned=148808

# found=5

# cleaned=5

# scan_time=10183

C:\Program Files\Acer GameZone\Jewel Quest Solitaire\aJewelQuestSolitaire.exe Win32/Agent.RKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\[4]-Submit_2010-10-10_18.43.43.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\system32\Drivers\ssmdrv.sys.vir Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\10122010_112439\c_windows\system32\drivers\lmdhqmcl.sys a variant of Win32/Bubnix.BB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Please note that after the scan I have not clicked Finish as I wasn't sure if I had to check the boxes at the bottom. Please see the screenshot attached.

Thank you.

post-54514-1286899965_thumb.jpg

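The ESET log above lists five detections, but three of them are inside folders where earlier tools had already set files aside (ComboFix's C:\Qoobox\Quarantine, including the ssmdrv.sys.vir copy ComboFix quarantined and the submit zip, and OTL's C:\_OTL\MovedFiles). Only the hits on live paths say anything about whether the machine was still infected. The following Python script is an added example, not ESET's code: it parses a log in the shape posted above (header lines "# key=value", then "path threat (action) hash flag"), splits each detection into path, threat and action, and classifies each hit as quarantine-store or live. The quarantine folder list is taken from the tools used in this thread; the "probably " prefix in the threat pattern is an assumption about other ESET phrasings and does not occur on this page. The sample lines are copied from the posted log.

```python
"""Triage an ESET Online Scanner log: split detections into path, threat and
action, and separate hits inside earlier tools' quarantine folders from hits
on live files.

Added example for this thread, not ESET's code. It assumes the line shapes
visible in the posted log; the quarantine folders are those of the tools used
in this thread (ComboFix's C:\\Qoobox and OTL's C:\\_OTL).
"""
import re

# Sample copied from the log posted above (header subset plus all five hits).
SAMPLE_ESET_LOG = r"""
# scanned=148808
# found=5
# cleaned=5
C:\Program Files\Acer GameZone\Jewel Quest Solitaire\aJewelQuestSolitaire.exe Win32/Agent.RKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\[4]-Submit_2010-10-10_18.43.43.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\ssmdrv.sys.vir Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\10122010_112439\c_windows\system32\drivers\lmdhqmcl.sys a variant of Win32/Bubnix.BB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# "<path> <threat> (<action>) <32 hex> <flag>"; the path may contain spaces,
# so the head is split separately below.
DETECTION_RE = re.compile(
    r"^(?P<head>.+) \((?P<action>[^()]+)\) (?P<hash>[0-9a-fA-F]{32}) (?P<flag>\S+)$"
)
# Threat text as seen in the posted log: "Win32/X trojan", "a variant of
# Win32/X trojan", "multiple threats". "probably " is an assumed extra prefix.
THREAT_RE = re.compile(
    r"(?:probably )?(?:a variant of )?(?:[A-Za-z0-9]+/\S+.*|multiple threats)$"
)
# Folders where ComboFix and OTL park what they removed (paths from this thread).
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\", "c:\\_otl\\movedfiles\\")


def split_head(head):
    """Split '<path> <threat>' at the first space whose remainder reads as a
    threat name; Windows paths use backslashes, so the 'Win32/' form of the
    threat name cannot collide with a directory component."""
    for i, ch in enumerate(head):
        if ch == " " and THREAT_RE.match(head, i + 1):
            return head[:i], head[i + 1:]
    return head, ""


def classify_location(path):
    """'quarantine-store' for copies an earlier tool already set aside, else 'live'."""
    return "quarantine-store" if path.lower().startswith(QUARANTINE_PREFIXES) else "live"


def parse_eset_log(text):
    """Return (meta, detections); meta keeps the last value of repeated keys."""
    meta, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            meta[key.strip()] = value.strip()
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue
        path, threat = split_head(m.group("head"))
        detections.append({
            "path": path,
            "threat": threat,
            "action": m.group("action"),
            "hash": m.group("hash"),  # all zeros in the posted log; not interpreted
            "location": classify_location(path),
        })
    return meta, detections


def live_detections(detections):
    """Paths of hits outside any quarantine folder, in log order."""
    return [d["path"] for d in detections if d["location"] == "live"]


def counts_consistent(meta, detections):
    """The '# found=' header should agree with the number of detection lines."""
    return meta.get("found") == str(len(detections))


if __name__ == "__main__":
    meta, dets = parse_eset_log(SAMPLE_ESET_LOG)
    for d in dets:
        print(f"[{d['location']:16}] {d['threat']}: {d['path']}")
    print("live hits:", live_detections(dets))
```

On the posted log this leaves two live hits, the Acer GameZone executable and hlp.dat under Public\Documents\Server, which is the part of the ESET result worth reading alongside the clean MBAM scan when deciding whether the machine is clean.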

OK, you can check both boxes, then click on Finish.

Please let me know of any remaining problems.

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


Hi,

Here it is pasted below:

OTL logfile created on: 12/10/2010 19:10:49 - Run 2

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Margie\Downloads

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 51.14 Gb Total Space | 20.38 Gb Free Space | 39.84% Space Free | Partition Type: NTFS

Drive D: | 50.89 Gb Total Space | 44.73 Gb Free Space | 87.91% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MARGIE-PC

Current User Name: Margie

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Margie\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()

PRC - C:\Acer\Mobility Center\MobilityService.exe ()

PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)

PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)

========== Modules (SafeList) ==========

MOD - C:\Users\Margie\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found

SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()

SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()

SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)

SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (catchme) -- C:\Users\Margie\AppData\Local\Temp\catchme.sys File not found

DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)

DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)

DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)

DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()

DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)

DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)

DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) -- C:\Windows\System32\drivers\BLKWGU.sys (Belkin Corporation)

DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10

FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 12:13:51 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 10:59:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 10:59:56 | 000,000,000 | ---D | M]

[2009/03/10 22:23:58 | 000,000,000 | ---D | M] -- C:\Users\Margie\AppData\Roaming\Mozilla\Extensions

[2009/03/10 22:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Margie\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/10/12 18:28:25 | 000,000,000 | ---D | M] -- C:\Users\Margie\AppData\Roaming\Mozilla\Firefox\Profiles\447ur75w.default\extensions

[2010/08/05 12:03:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Margie\AppData\Roaming\Mozilla\Firefox\Profiles\447ur75w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/10/12 18:28:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/09/17 10:59:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/12/20 23:01:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2010/09/17 10:59:53 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/09/17 10:59:53 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2009/12/20 23:00:43 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2010/09/17 10:59:54 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2010/09/09 17:37:47 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/09/09 17:37:47 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/09/09 17:37:47 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/09/09 17:37:47 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/09/09 17:37:47 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/09/09 17:37:47 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/09/09 17:37:47 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/09/09 17:37:47 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/10 19:31:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)

O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.113.164.5 212.113.164.6

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/12 13:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/10/12 11:24:39 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/10/10 19:44:51 | 000,000,000 | ---D | C] -- C:\Users\Margie\AppData\Local\temp

[2010/10/10 19:32:54 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2010/10/10 19:27:46 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2010/10/10 17:06:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/10/09 20:44:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/10/09 20:44:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/10/09 20:44:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/10/09 20:44:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/10/09 20:43:38 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/10/06 20:47:49 | 000,000,000 | ---D | C] -- C:\Users\Margie\AppData\Roaming\SUPERAntiSpyware.com

[2010/10/06 20:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2010/10/06 20:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/10/03 17:33:43 | 000,000,000 | ---D | C] -- C:\Users\Margie\Desktop\Epson Printer

[2010/10/03 17:24:22 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL

[2010/10/03 17:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software

[2010/10/03 17:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint

[2010/10/03 17:20:45 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK2.dll

[2010/10/03 17:20:45 | 000,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EpPicPrt.dll

[2010/10/03 17:20:45 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICEntry.dll

[2010/10/03 17:20:45 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK.dll

[2010/10/03 17:20:45 | 000,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EPPicMgr.dll

[2010/10/03 17:20:01 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL

[2010/10/03 17:19:55 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FLBFCE.DLL

[2010/10/03 17:19:53 | 000,078,848 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BFCE.DLL

[2010/10/03 17:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON

[2010/10/03 17:18:59 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\eswiaud.dll

[2010/10/03 17:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\epson

[2010/10/01 15:36:20 | 000,000,000 | ---D | C] -- C:\Users\Margie\AppData\Roaming\Malwarebytes

[2010/10/01 15:36:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/10/01 15:35:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/10/01 15:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/01 15:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/10/01 00:24:53 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server

[2008/03/10 22:37:59 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll

[2008/03/10 22:37:59 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

[2007/07/26 02:02:54 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll

[2004/11/24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll

========== Files - Modified Within 30 Days ==========

[2010/10/12 19:10:46 | 002,883,584 | -HS- | M] () -- C:\Users\Margie\ntuser.dat

[2010/10/12 19:07:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/12 19:07:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/12 13:08:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/12 11:26:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/10/12 11:25:09 | 000,524,288 | -HS- | M] () -- C:\Users\Margie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

[2010/10/12 11:25:09 | 000,065,536 | -HS- | M] () -- C:\Users\Margie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[2010/10/12 11:22:47 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/10/12 11:22:47 | 000,603,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/10/12 11:22:47 | 000,106,696 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/10/11 23:12:54 | 001,659,669 | -H-- | M] () -- C:\Users\Margie\AppData\Local\IconCache.db

[2010/10/10 19:33:36 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini

[2010/10/10 19:31:52 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/10/10 16:02:52 | 003,876,688 | R--- | M] () -- C:\Users\Margie\Desktop\ComboFix.exe

[2010/10/09 19:41:14 | 000,241,152 | ---- | M] () -- C:\Users\Margie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/09 16:33:51 | 000,001,356 | ---- | M] () -- C:\Users\Margie\AppData\Local\d3d9caps.dat

[2010/10/06 20:47:13 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/10/01 15:36:06 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/01 00:29:25 | 000,000,038 | ---- | M] () -- C:\Windows\AviSplitter.INI

========== Files Created - No Company Name ==========

[2010/10/09 20:44:51 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2010/10/09 20:44:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2010/10/09 20:44:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2010/10/09 20:44:51 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe

[2010/10/09 20:44:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/10/09 20:20:46 | 003,876,688 | R--- | C] () -- C:\Users\Margie\Desktop\ComboFix.exe

[2010/10/06 20:47:13 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/10/03 17:20:45 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat

[2010/10/03 17:20:45 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat

[2010/10/03 17:20:45 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat

[2010/10/03 17:20:45 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat

[2010/10/03 17:20:45 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat

[2010/10/03 17:20:45 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat

[2010/10/03 17:20:45 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat

[2010/10/03 17:20:45 | 000,013,732 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg

[2010/10/03 17:20:45 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat

[2010/10/03 17:20:45 | 000,006,442 | ---- | C] () -- C:\Windows\System32\EPPICLocal_IT.cfg

[2010/10/03 17:20:45 | 000,006,335 | ---- | C] () -- C:\Windows\System32\EPPICLocal_GE.cfg

[2010/10/03 17:20:45 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg

[2010/10/03 17:20:45 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg

[2010/10/03 17:20:45 | 000,006,122 | ---- | C] () -- C:\Windows\System32\EPPICLocal_DU.cfg

[2010/10/03 17:20:45 | 000,006,103 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg

[2010/10/03 17:20:45 | 000,005,817 | ---- | C] () -- C:\Windows\System32\EPPICLocal_KO.cfg

[2010/10/03 17:20:45 | 000,005,436 | ---- | C] () -- C:\Windows\System32\EPPICLocal_SC.cfg

[2010/10/03 17:20:45 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat

[2010/10/03 17:20:45 | 000,002,889 | ---- | C] () -- C:\Windows\System32\EPPICLocal_RU.cfg

[2010/10/03 17:20:45 | 000,002,426 | ---- | C] () -- C:\Windows\System32\EPPICLocal_TC.cfg

[2010/10/03 17:20:45 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat

[2010/10/03 17:20:45 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat

[2010/10/03 17:20:45 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat

[2010/10/03 17:20:45 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat

[2010/10/03 17:20:45 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat

[2010/10/03 17:20:45 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat

[2010/10/03 17:20:45 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat

[2010/10/03 17:20:45 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat

[2010/10/03 17:20:45 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat

[2010/10/03 17:20:45 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2010/10/03 17:20:44 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg

[2010/10/03 17:20:44 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg

[2010/10/01 15:36:06 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/03/09 17:56:36 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

[2009/06/08 23:01:00 | 000,021,080 | ---- | C] () -- C:\Users\Margie\AppData\Roaming\UserTile.png

[2008/08/08 12:57:15 | 000,001,356 | ---- | C] () -- C:\Users\Margie\AppData\Local\d3d9caps.dat

[2008/08/04 18:28:31 | 000,241,152 | ---- | C] () -- C:\Users\Margie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/07/08 22:30:35 | 000,000,520 | ---- | C] () -- C:\Users\Margie\AppData\Roaming\wklnhst.dat

[2008/07/05 11:14:48 | 000,456,192 | ---- | C] () -- C:\Windows\System32\libmplayer.dll

[2008/07/05 11:14:44 | 003,591,168 | ---- | C] () -- C:\Windows\System32\libavcodec.dll

[2008/07/05 11:13:16 | 000,708,096 | ---- | C] () -- C:\Windows\System32\ff_x264.dll

[2008/06/22 17:34:00 | 000,177,664 | ---- | C] () -- C:\Windows\System32\ff_theora.dll

[2008/06/13 11:39:38 | 000,023,552 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll

[2008/06/12 18:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2008/03/10 23:20:15 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2008/03/10 23:20:05 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI

[2008/03/10 23:19:58 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI

[2007/07/26 17:15:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll

[2007/07/26 03:44:56 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys

[2007/07/26 03:44:56 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys

[2007/07/26 02:02:57 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2007/07/26 02:02:57 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2007/07/26 02:02:57 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll

[2007/07/26 02:02:54 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys

[2007/07/10 16:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2005/07/12 13:44:42 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL

[2004/10/03 17:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll

[2004/03/23 15:38:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll

[2001/12/27 00:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001/09/04 07:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001/07/31 00:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001/07/24 06:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

< End of report >

Thank you.


That is because it is hidden.

Please click on Tools > Folder Options, click on View, then uncheck the following:

  • Show hidden files and folders
  • Hide protected operating system files

Then hit OK to save the changes.

Then it will be visible.

You can place check marks next to them once the folder is deleted.

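Added example, not part of the thread: a small Python parser for the OTL file-listing format posted above. It decodes the four-character attribute field (R, H, S, D) so that hidden entries such as the -H-D folder can be picked out of a report directly, without changing Folder Options; the sample lines are copied from the report above.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# OTL file entry:  [date time | size | attrs | C/M] (company) -- path
# attrs is four characters in the order R(ead-only) H(idden) S(ystem) D(irectory), '-' when unset.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str      # 'C' = created, 'M' = modified
    company: str   # '' when OTL printed no company name
    path: str

def parse_otl(text: str) -> list:
    """Parse OTL file-listing lines; headers, blanks and other non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        a = m.group("attrs")
        entries.append(OtlEntry(
            timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            readonly=a[0] == "R", hidden=a[1] == "H", system=a[2] == "S", directory=a[3] == "D",
            kind=m.group("kind"), company=(m.group("company") or "").strip(), path=m.group("path")))
    return entries

def hidden_entries(entries: list, since=None) -> list:
    """Hidden files/folders, optionally only those with a timestamp on or after `since`."""
    return [e for e in entries if e.hidden and (since is None or e.timestamp >= since)]

# Sample input: four entry lines copied from the report above, plus the report trailer.
SAMPLE = r"""
[2010/10/01 00:24:53 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/10/01 15:35:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/12 19:10:46 | 002,883,584 | -HS- | M] () -- C:\Users\Margie\ntuser.dat
[2010/10/09 20:44:51 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
< End of report >
"""
```

Run `hidden_entries(parse_otl(SAMPLE))` to list only the hidden items; pass `since=` to limit it to a recent window when triaging a long report.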

This topic is now closed to further replies.