Malware keeps on blocking the website and spybot



bl4kdev1l
2010-03-04, 08:27
Some Malware won't let me run Spybot.

Edit:
Removed link to start a new topic


I had the Antivirus XP 2010 and I think I removed it online, but I still think it is on the PC. I have some logs here I will post from Malwarebytes and OTL.

And it doesn't let me run Spybot or let me go into Safer-networking.org, and when I do a search on Google it redirects me to a site which I did not search for.

And it locked my right click also.

Thank you!!!

-------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.42

Database version: 3289

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702



3/1/2010 9:01:27 PM

mbam-log-2010-03-01 (21-01-23).txt



Scan type: Full Scan (C:\|)

Objects scanned: 185769

Time elapsed: 1 hour(s), 1 minute(s), 52 second(s)



Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1



Memory Processes Infected:

(No malicious items detected)



Memory Modules Infected:

(No malicious items detected)



Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.



Registry Values Infected:

(No malicious items detected)



Registry Data Items Infected:

(No malicious items detected)



Folders Infected:

(No malicious items detected)



Files Infected:

C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.

-------------------------------------------------------------------------



OTL logfile created on: 3/2/2010 11:12:58 PM - Run 1

OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.50 Gb Total Space | 63.88 Gb Free Space | 85.75% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: EMG2

Current User Name: Administrator

Logged in as Administrator.



Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard



========== Processes (SafeList) ==========



PRC - [2010/03/02 23:12:48 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe

PRC - [2010/02/20 16:25:09 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/01/05 12:45:58 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe

PRC - [2010/01/05 12:45:35 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe

PRC - [2009/12/16 13:26:42 | 023,216,128 | ---- | M] () -- C:\Program Files\CounterPath\X-Lite\x-lite.exe

PRC - [2009/12/03 16:14:02 | 000,276,816 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2009/12/03 16:14:00 | 001,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2009/08/28 19:48:20 | 000,518,120 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe

PRC - [2009/08/28 19:48:08 | 000,015,376 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe

PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2008/07/24 17:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe

PRC - [2008/04/14 08:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2004/10/28 13:03:32 | 000,327,680 | ---- | M] (KYOCERA MITA) -- C:\Program Files\Kyocera\FileUtility\NsCatCom.exe

PRC - [2003/09/16 14:50:18 | 000,061,440 | ---- | M] (KYOCERA MITA CORPORATION) -- C:\Program Files\Kyocera\FileUtility\SFUSVC.exe





========== Modules (SafeList) ==========



MOD - [2010/03/02 23:12:48 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe





========== Win32 Services (SafeList) ==========



SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2010/01/05 12:45:58 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)

SRV - [2009/12/03 16:14:02 | 000,276,816 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008/07/24 17:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)

SRV - [2003/09/16 14:50:18 | 000,061,440 | ---- | M] (KYOCERA MITA CORPORATION) [Auto | Running] -- C:\Program Files\Kyocera\FileUtility\SFUSVC.exe -- (SFUSVC)





========== Driver Services (SafeList) ==========



DRV - [2010/03/02 16:27:27 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/01/05 12:45:38 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2009/12/03 16:14:06 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2009/12/03 16:13:56 | 000,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)

DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008/07/24 17:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)

DRV - [2008/07/24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2008/07/24 17:45:20 | 000,010,144 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lmimirr.sys -- (lmimirr)

DRV - [2008/05/28 10:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2008/05/28 10:33:36 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2008/05/28 10:33:36 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2008/04/14 01:09:16 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2007/11/15 15:30:48 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)

DRV - [2006/05/10 18:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2006/03/23 23:47:06 | 001,166,972 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)

DRV - [2005/01/27 18:31:06 | 000,260,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)

DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)

DRV - [2004/08/04 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========





IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========



FF - prefs.js..browser.startup.homepage: "http://affiliate.debtpro.org/emlogin.aspx|http://agent2.magnaleads.com"

FF - prefs.js..extensions.enabledItems: http://forums.spybot.info/misc.php?do=email_dev&email=anFzQHN1bi5jb20=:1.0

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: {B9D703B7-6B4B-48C5-8EF6-095922EDCE2B}:1.9.1

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105





FF - HKLM\software\mozilla\Firefox\extensions\\{B9D703B7-6B4B-48C5-8EF6-095922EDCE2B}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{B9D703B7-6B4B-48C5-8EF6-095922EDCE2B} [2010/02/20 16:29:15 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/02/20 16:33:31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/24 22:38:14 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/24 22:38:14 | 000,000,000 | ---D | M]



[2010/01/14 21:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2010/03/02 17:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kwniy0em.default\extensions

[2010/01/15 14:30:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kwniy0em.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/03/02 17:17:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kwniy0em.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/01/14 21:52:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions



O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [Mailstation Assistant] C:\Program Files\Pitney Bowes\mailstation 2\mailstationAssistant.exe (Pitney Bowes, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [eyeBeam SIP Client] C:\Program Files\CounterPath\X-Lite\x-lite.exe ()

O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [TOY5KNQ8OC] C:\Documents and Settings\Administrator\Local Settings\Temp\Zkv.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Scanner File Utility.lnk = C:\Program Files\Kyocera\FileUtility\NsCatCom.exe (KYOCERA MITA)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238629173187 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243102104359 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1243101306442&h=007fa7819edf8833f9464dddbc97d87e/&filename=jinstall-6u13-windows-i586-jc.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EMG.COM

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.225,93.188.166.71

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/12/15 18:42:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{e72a8ef4-47c0-11de-a105-0014224537b6}\Shell - "" = AutoRun

O33 - MountPoints2\{e72a8ef4-47c0-11de-a105-0014224537b6}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{e72a8ef4-47c0-11de-a105-0014224537b6}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*



========== Files/Folders - Created Within 30 Days ==========



[2010/03/02 17:17:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent

[2010/03/02 16:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/03/02 16:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ryrbim

[2010/02/25 17:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2010/02/25 17:25:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/02/25 17:25:19 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/02/25 17:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/02/25 17:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/02/25 03:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Real

[2010/02/24 23:48:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2010/02/24 23:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

[2010/02/24 23:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Office Genuine Advantage

[2010/02/24 23:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/02/24 23:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/02/24 23:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/02/24 22:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/02/24 22:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/02/24 22:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010/02/24 22:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/02/24 22:35:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/02/24 21:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2010/02/24 21:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW

[2010/02/24 21:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK

[2010/02/24 21:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR

[2010/02/24 21:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE

[2010/02/24 21:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR

[2010/02/24 21:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL

[2010/02/24 21:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO

[2010/02/24 21:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR

[2010/02/24 21:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT

[2010/02/24 21:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL

[2010/02/24 21:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR

[2010/02/24 21:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI

[2010/02/24 21:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES

[2010/02/24 21:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR

[2010/02/24 21:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE

[2010/02/24 21:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK

[2010/02/24 21:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA

[2010/02/24 20:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2010/02/24 20:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

[2010/02/24 20:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/02/24 20:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/02/24 20:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2010/02/24 20:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp

[2010/02/24 20:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2010/02/24 20:36:24 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010/02/24 20:36:24 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2010/02/24 20:36:24 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2010/02/24 20:36:24 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2010/02/24 20:36:22 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2010/02/24 20:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2010/02/24 20:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2010/02/21 06:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap

[2010/02/21 00:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2010/02/21 00:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/02/21 00:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Sun

[2010/02/20 21:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2010/02/20 21:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/02/20 18:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google

[2010/02/20 18:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Google

[2010/02/20 17:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2010/02/20 17:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Help

[2010/02/20 17:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Help

[2010/02/20 16:37:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos

[2010/02/20 16:33:25 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll

[2010/02/20 16:33:20 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll

[2010/02/20 16:33:20 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll

[2010/02/20 16:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared

[2010/02/20 16:32:42 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

[2010/02/20 16:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Real

[2010/02/20 16:32:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real

[2010/02/20 16:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real

[2010/02/20 16:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real

[2010/02/20 16:31:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google

[2010/02/20 16:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2010/02/20 16:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/02/20 16:29:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{B9D703B7-6B4B-48C5-8EF6-095922EDCE2B}

[2010/02/20 16:28:22 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys

[2010/02/20 16:28:22 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys

[2010/02/20 16:27:49 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys

[2010/02/20 16:27:42 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys

[2010/02/20 16:27:42 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys

[2010/02/02 21:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee

[2010/01/21 17:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS

[2009/06/04 06:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[2006/12/15 18:42:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2006/12/15 18:42:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]



========== Files - Modified Within 30 Days ==========



[2010/03/02 23:15:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8DCB11E0-48ED-4874-8F8A-242E2DEBF303}.job

[2010/03/02 23:14:35 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\urdgr.sys

[2010/03/02 22:49:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/03/02 22:15:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/03/02 22:13:25 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-1844823847-682003330-500.job

[2010/03/02 22:13:25 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2010/03/02 22:13:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/03/02 22:13:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/03/02 22:13:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/03/02 22:12:38 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2010/03/02 22:12:37 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2010/03/02 22:12:36 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db

[2010/03/02 22:03:36 | 000,000,199 | -HS- | M] () -- C:\boot.ini

[2010/03/02 21:40:56 | 000,011,912 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\2542G16705fU

[2010/03/02 21:29:11 | 000,198,656 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\av.exe

[2010/03/02 16:45:23 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk

[2010/03/02 16:43:33 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/02 16:27:27 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2010/03/02 00:39:56 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys

[2010/03/02 00:00:39 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1844823847-682003330-500.job

[2010/03/01 19:44:14 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/02/25 17:25:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/24 23:37:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/02/24 22:38:05 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/02/24 20:54:08 | 000,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk

[2010/02/24 20:36:39 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2010/02/24 20:16:25 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/02/24 20:15:57 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Fgezuwamoheyeval.dat

[2010/02/24 20:15:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Kxaxahaz.bin

[2010/02/21 00:48:49 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2010/02/20 16:33:31 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk

[2010/02/20 16:33:25 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll

[2010/02/20 16:33:20 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll

[2010/02/20 16:33:20 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll

[2010/02/20 16:32:42 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

[2010/02/11 07:45:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/02/10 15:28:54 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Marketing Agreement.doc

[2010/02/02 19:56:16 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk

[2010/02/02 19:56:16 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2010/02/01 21:11:14 | 007,509,121 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Mc Joha - 2do Rebote (Masacre pa Sobrino) (Www.SinDema.CoM).mp3

[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]



========== Files Created - No Company Name ==========



[2010/03/02 21:29:12 | 000,011,912 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\2542G16705fU

[2010/03/02 21:29:11 | 000,198,656 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\av.exe

[2010/03/02 16:45:23 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk

[2010/03/02 16:43:20 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/02 00:00:42 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-1844823847-682003330-500.job

[2010/03/02 00:00:39 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1844823847-682003330-500.job

[2010/02/25 17:25:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/24 23:37:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/02/24 22:41:05 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/02/24 22:38:05 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/02/24 21:32:51 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job

[2010/02/24 20:54:08 | 000,001,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk

[2010/02/24 20:39:02 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/02/24 20:39:02 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/02/24 20:36:39 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2010/02/20 16:33:31 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk

[2010/02/20 16:29:23 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\urdgr.sys

[2010/02/20 16:29:15 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Fgezuwamoheyeval.dat

[2010/02/20 16:29:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kxaxahaz.bin

[2010/02/10 15:28:54 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Marketing Agreement.doc

[2010/02/01 21:11:14 | 007,509,121 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Mc Joha - 2do Rebote (Masacre pa Sobrino) (Www.SinDema.CoM).mp3

[2010/01/09 20:07:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/05/27 13:36:52 | 000,000,174 | ---- | C] () -- C:\WINDOWS\nscatch.ini

[2009/05/23 13:05:26 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/04/16 20:34:08 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/04/16 20:34:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2007/08/06 10:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

[2006/04/22 18:00:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

------------------------------------------------------------------------

OTL Extras logfile created on: 3/2/2010 11:12:58 PM - Run 1

OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.50 Gb Total Space | 63.88 Gb Free Space | 85.75% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: EMG2

Current User Name: Administrator

Logged in as Administrator.



Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard



========== Extra Registry (SafeList) ==========





========== File Associations ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]



[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)



========== Shell Spawning ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)



========== Security Center Settings ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"37100:TCP" = 37100:TCP:*:Enabled:scanner



========== Authorized Applications List ==========



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

"C:\Program Files\Kyocera\FileUtility\NsCatCom.exe" = C:\Program Files\Kyocera\FileUtility\NsCatCom.exe:*:Enabled:Scanner File Utility -- (KYOCERA MITA)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)





========== HKEY_LOCAL_MACHINE Uninstall List ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{5D3369CC-BDBC-4D26-B293-ED2EA4FADF3F}" = mailstation assistant

"{5FC6E15E-B897-46C4-84D1-15E23AAC2E8A}" = MojoSoap30

"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer

"{61C79AE1-5403-4687-AC68-28BFA5EF3895}" = Kyocera Scanner File Utility

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller

"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn

"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C0EED196-57F3-46B7-AC3B-B2DD45B01A43}" = MySQL Connector/ODBC 3.51

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.865

"CCleaner" = CCleaner

"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"KLiteCodecPack_is1" = K-Lite Codec Pack 4.2.5 (Standard)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"McAfee Security Scan" = McAfee Security Scan Plus

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mojo Sales Engine_is1" = Making Sales Happen 2.2.91

"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"RealPlayer 12.0" = RealPlayer

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"X-Lite 1.5_is1" = X-Lite 3.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0



========== HKEY_CURRENT_USER Uninstall List ==========



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]



========== Last 10 Event Log Errors ==========



[ Application Events ]

Error - 3/1/2010 8:58:33 PM | Computer Name = EMG2 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: A connection with the server could not be established



Error - 3/1/2010 9:01:41 PM | Computer Name = EMG2 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: A connection with the server could not be established



Error - 3/1/2010 9:01:42 PM | Computer Name = EMG2 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.



Error - 3/1/2010 10:57:23 PM | Computer Name = EMG2 | Source = Userenv | ID = 1054

Description = Windows cannot obtain the domain controller name for your computer

network. (The specified domain either does not exist or could not be contacted.

). Group Policy processing aborted.



Error - 3/1/2010 11:02:32 PM | Computer Name = EMG2 | Source = Userenv | ID = 1054

Description = Windows cannot obtain the domain controller name for your computer

network. (The specified domain either does not exist or could not be contacted.

). Group Policy processing aborted.



Error - 3/1/2010 11:02:33 PM | Computer Name = EMG2 | Source = AutoEnrollment | ID = 15

Description = Automatic certificate enrollment for local system failed to contact

the active directory (0x8007054b). The specified domain either does not exist

or could not be contacted. Enrollment will not be performed.



Error - 3/1/2010 11:04:11 PM | Computer Name = EMG2 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: A connection with the server could not be established



Error - 3/1/2010 11:07:25 PM | Computer Name = EMG2 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: A connection with the server could not be established



Error - 3/1/2010 11:07:26 PM | Computer Name = EMG2 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.



Error - 3/1/2010 11:25:19 PM | Computer Name = EMG2 | Source = Userenv | ID = 1054

Description = Windows cannot obtain the domain controller name for your computer

network. (The specified domain either does not exist or could not be contacted.

). Group Policy processing aborted.



[ System Events ]

Error - 3/2/2010 11:11:20 PM | Computer Name = EMG2 | Source = Ftdisk | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.



Error - 3/2/2010 11:11:41 PM | Computer Name = EMG2 | Source = NETLOGON | ID = 5719

Description = No Domain Controller is available for domain EMG due to the following:

%%1311. Make sure that the computer is connected to the network and try again. If

the problem persists, please contact your domain administrator.



Error - 3/2/2010 11:11:42 PM | Computer Name = EMG2 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}



Error - 3/2/2010 11:12:37 PM | Computer Name = EMG2 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}



Error - 3/2/2010 11:13:31 PM | Computer Name = EMG2 | Source = Ftdisk | ID = 262189

Description = The system could not sucessfully load the crash dump driver.



Error - 3/2/2010 11:13:31 PM | Computer Name = EMG2 | Source = Ftdisk | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.



Error - 3/2/2010 11:13:56 PM | Computer Name = EMG2 | Source = NETLOGON | ID = 5719

Description = No Domain Controller is available for domain EMG due to the following:

%%1311. Make sure that the computer is connected to the network and try again. If

the problem persists, please contact your domain administrator.



Error - 3/2/2010 11:13:59 PM | Computer Name = EMG2 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 2 minutes. NtpClient has no source of accurate

time.



Error - 3/2/2010 11:13:59 PM | Computer Name = EMG2 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 2 minutes. NtpClient has no source of accurate

time.



Error - 3/2/2010 11:14:53 PM | Computer Name = EMG2 | Source = Service Control Manager | ID = 7023

Description = The Windows Snapshot Provider service terminated with the following

error: %%126





< End of report >

----------------------------------------------------------------------

tashi
2010-03-04, 09:03
Hello bl4kdev1l,

Please see this forum's FAQ, which details how to produce an HJT log and copy and paste it into a new topic. Also provide a link back to this thread. :)

"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

If HJT won't run please start a new topic anyway, make note of the situation and a volunteer analyst will advise you when available.

Best regards.