Page 2 of 5 FirstFirst 12345 LastLast
Results 11 to 20 of 47

Thread: invalid security certificates everywhere I go

  1. #11
    Member
    Join Date
    Aug 2009
    Posts
    44

    Default invalid security warnings

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
    Interface type: IDE
    Media Type: Fixed\thard disk media
    Model: ST3200826A
    Partitions: 2
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE1 -
    Interface type: USB
    Media Type:
    Model: Generic USB SD Reader USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE2 -
    Interface type: USB
    Media Type:
    Model: Generic USB CF Reader USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE3 -
    Interface type: USB
    Media Type:
    Model: Generic USB SM Reader USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE4 -
    Interface type: USB
    Media Type:
    Model: Generic USB MS Reader USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 182.00GB
    Starting Offset: 4770662400
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 4.00GB
    Starting Offset: 32256
    Hidden sectors: 0


    < >
    [2004/08/26 09:12:03 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
    [2004/08/26 11:08:56 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
    [2007/02/20 04:57:23 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1C01F64A-466A-4696-AA08-7A98BA326994}.job
    [2009/03/01 12:05:00 | 000,000,472 | ---- | C] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2012/03/30 05:04:40 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    [2012/07/08 06:51:34 | 000,000,318 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
    [C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

    < End of report >


    OTL Extras logfile created on: 2/6/2012 7:03:55 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.12 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 57.54% Memory free
    1.98 Gb Paging File | 1.62 Gb Available in Paging File | 81.82% Paging File free
    Paging file location(s): C:\pagefile.sys 1000 1500 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 181.86 Gb Total Space | 142.52 Gb Free Space | 78.37% Space Free | Partition Type: NTFS
    Drive D: | 4.43 Gb Total Space | 2.71 Gb Free Space | 61.07% Space Free | Partition Type: FAT32

    Computer Name: YOUR-382F8BB83C | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "8097:TCP" = 8097:TCP:*:Disabled:EarthLink UHP Modem Support
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
    "C:\Program Files\Common Files\AOL\1147074895\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1147074895\EE\AOLServiceHost.exe:*:Enabled:AOL
    "C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
    "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
    "C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
    "C:\Program Files\PeoplePC\ISP6330\SmartDialer\Dialer.log" = C:\Program Files\PeoplePC\ISP6330\SmartDialer\Dialer.log:*:Enabled:Dialer
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\WINDOWS\system32\mshta.exe" = C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft (R) HTML Application host -- (Microsoft Corporation)
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    "C:\Program Files\CallWave\IAM.exe" = C:\Program Files\CallWave\IAM.exe:*:Disabled:CallWave
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
    "{133CD5EF-A4A1-442a-8D50-910B5DEF76BD}" = 4200_Help
    "{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
    "{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
    "{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
    "{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
    "{26A24AE4-039D-4CA4-87B4-2F83216017FB}" =
    "{26A24AE4-039D-4CA4-87B4-2F83216020FB}" =
    "{26A24AE4-039D-4CA4-87B4-2F83216021FB}" =
    "{26A24AE4-039D-4CA4-87B4-2F83216022FB}" =
    "{26A24AE4-039D-4CA4-87B4-2F83216023FB}" =
    "{26A24AE4-039D-4CA4-87B4-2F83216024FB}" =
    "{26A24AE4-039D-4CA4-87B4-2F83216026FB}" =
    "{26A24AE4-039D-4CA4-87B4-2F83216029FB}" =
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
    "{2D974D26-BA8F-4A0B-B7EE-3F563AF79746}" = Quicken 2003 Deluxe
    "{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
    "{34611BCF-3157-405b-A34E-879C7DC79142}" = 4200
    "{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
    "{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
    "{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
    "{50915408-4940-4C36-B4CC-0D9944FA4C59}" =
    "{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
    "{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
    "{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
    "{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{688A3383-3CE7-4094-9188-9C39D1E4FCB6}" =
    "{68A2A8FC-2CA0-4b6c-BE09-CC7ABE2A8DDC}" = 4200Trb
    "{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
    "{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
    "{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
    "{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
    "{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
    "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89C43B94-02D9-47CB-A338-8CEC0E70F638}" =
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90150409-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002
    "{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A0DCD97-9648-45ed-A52C-133C728AB2FF}" = 4200Tour
    "{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB2604110" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB2656407" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB2756918" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB300003" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB960043" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB975195" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976570" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578v2" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769v2" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354v2" =
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
    "{ACF2AD4B-9374-4B72-B79B-A743CD41F2A4}" =
    "{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB200003" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2418241" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2446704" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2446704v2" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2478658" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2518864" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2539631" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2572058" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2572073" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2604092" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2616155" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2633880" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2639328" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2656352" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2656369" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2656369v2" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2686828" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2698022" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2729450" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2742596" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB431780" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB946922" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB947748" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB949272" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952137" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952677" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953300" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953990" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB954832" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB956860" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957541" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957542" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957543" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958129" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958481" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB960043" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB971111" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB974417" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976569" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976576" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976765v2" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB979909" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB980773" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB983583" =
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473" =
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2695869" =
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003" =
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043" =
    "{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
    "{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
    "{E91E8912-769D-42F0-8408-0E329443BABC}" = Edimax Wireless LAN
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F90DA605-4E92-11D4-A319-00104BCAB4AB}" =
    "{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Edimax Wireless LAN
    "{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe

  2. #12
    Member
    Join Date
    Aug 2009
    Posts
    44

    Smile invalid security warnings

    -Zip" = 7-Zip 3.13
    "AddressBook" =
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "avast" = avast! Free Antivirus
    "Branding" =
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
    "Connection Manager" =
    "DirectAnimation" =
    "DirectDrawEx" =
    "DXM_Runtime" =
    "EarthLink TotalAccess 2004" =
    "ERUNT_is1" = ERUNT 1.1j
    "Fontcore" =
    "getPlus(R)_ocx" = getPlus(R)_ocx
    "HP Photo & Imaging" = HP Image Zone 3.5
    "ICW" =
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "IE40" =
    "IE4Data" =
    "IE5BAKEX" =
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "IEData" =
    "InstallShield Uninstall Information" =
    "InstallShield_{2D974D26-BA8F-4A0B-B7EE-3F563AF79746}" = Quicken 2003 Deluxe
    "InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
    "Internet Call Waiting" =
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 2.0" =
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MobileOptionPack" =
    "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MPlayer2" =
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSI30a-KB884016" =
    "MSI30-Beta1" =
    "MSI30-Beta2" =
    "MSI30-KB884016" =
    "MSI30-RC1" =
    "MSI30-RC2" =
    "MSI31-Beta" =
    "MSI31-RC1" =
    "MSNINST" = MSN
    "NetMeeting" =
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "OutlookExpress" =
    "PC Pitstop Erase_is1" = PC Pitstop Erase 1.1
    "PC Pitstop Exterminate_is1" = PC Pitstop Exterminate 1.0
    "PC Pitstop Optimize_is1" = PC Pitstop Optimize 1.5
    "PCHealth" =
    "PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
    "QuickTime" = QuickTime
    "RealPlayer 6.0" = RealPlayer Basic
    "SchedulingAgent" =
    "WIC" =
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMCSetup" = Windows Media Connect
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== Last 20 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 12/26/2007 3:30:19 PM | Computer Name = YOUR-382F8BB83C | Source = avast! | ID = 33554522
    Description =

    Error - 12/27/2007 5:08:36 PM | Computer Name = YOUR-382F8BB83C | Source = avast! | ID = 33554522
    Description =

    Error - 4/6/2008 8:21:49 AM | Computer Name = YOUR-382F8BB83C | Source = avast! | ID = 33554522
    Description =

    Error - 4/7/2008 8:22:43 AM | Computer Name = YOUR-382F8BB83C | Source = avast! | ID = 33554522
    Description =

    Error - 4/7/2008 5:50:54 PM | Computer Name = YOUR-382F8BB83C | Source = avast! | ID = 33554522
    Description =

    Error - 3/10/2010 8:18:54 AM | Computer Name = YOUR-382F8BB83C | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 2/3/2012 11:18:20 AM | Computer Name = YOUR-382F8BB83C | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 2/3/2012 11:18:21 AM | Computer Name = YOUR-382F8BB83C | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 2/4/2012 8:44:10 AM | Computer Name = YOUR-382F8BB83C | Source = Application Error | ID = 1000
    Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
    zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.

    Error - 2/4/2012 4:03:42 PM | Computer Name = YOUR-382F8BB83C | Source = Application Error | ID = 1000
    Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
    zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.

    Error - 2/5/2012 8:14:21 AM | Computer Name = YOUR-382F8BB83C | Source = Application Error | ID = 1000
    Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
    zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.

    Error - 2/5/2012 6:52:39 PM | Computer Name = YOUR-382F8BB83C | Source = Application Error | ID = 1000
    Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
    zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.

    Error - 2/5/2012 7:33:54 PM | Computer Name = YOUR-382F8BB83C | Source = Application Error | ID = 1000
    Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
    zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.

    Error - 2/6/2012 8:53:41 AM | Computer Name = YOUR-382F8BB83C | Source = Application Error | ID = 1000
    Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
    zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.

    Error - 2/6/2012 5:59:56 PM | Computer Name = YOUR-382F8BB83C | Source = Application Error | ID = 1000
    Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
    zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.

    Error - 2/6/2012 9:49:06 PM | Computer Name = YOUR-382F8BB83C | Source = Application Error | ID = 1000
    Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
    zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.

    [ System Events ]
    Error - 2/6/2012 8:54:51 AM | Computer Name = YOUR-382F8BB83C | Source = Service Control Manager | ID = 7000
    Description = The IMAPI CD-Burning COM Service service failed to start due to the
    following error: %%1053

    Error - 2/6/2012 8:54:51 AM | Computer Name = YOUR-382F8BB83C | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the NVSvc service.

    Error - 2/6/2012 5:58:50 PM | Computer Name = YOUR-382F8BB83C | Source = Service Control Manager | ID = 7000
    Description = The a-squared Free Service service failed to start due to the following
    error: %%21

    Error - 2/6/2012 5:58:50 PM | Computer Name = YOUR-382F8BB83C | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 2/6/2012 5:58:53 PM | Computer Name = YOUR-382F8BB83C | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2711'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 2/6/2012 5:58:53 PM | Computer Name = YOUR-382F8BB83C | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2711'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 2/6/2012 9:49:04 PM | Computer Name = YOUR-382F8BB83C | Source = Service Control Manager | ID = 7000
    Description = The a-squared Free Service service failed to start due to the following
    error: %%21

    Error - 2/6/2012 9:49:04 PM | Computer Name = YOUR-382F8BB83C | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 2/6/2012 9:49:09 PM | Computer Name = YOUR-382F8BB83C | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2711'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 2/6/2012 9:49:10 PM | Computer Name = YOUR-382F8BB83C | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2711'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.


    < End of report >


    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-06 19:23:37
    -----------------------------
    19:23:37.296 OS Version: Windows 5.1.2600 Service Pack 3
    19:23:37.296 Number of processors: 1 586 0x3702
    19:23:37.296 ComputerName: YOUR-382F8BB83C UserName: Owner
    19:23:37.796 Initialize success
    19:23:40.625 AVAST engine defs: 13020601
    19:23:56.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    19:23:56.546 Disk 0 Vendor: ST3200826A 3.03 Size: 190782MB BusType: 3
    19:23:56.562 Disk 0 MBR read successfully
    19:23:56.578 Disk 0 MBR scan
    19:23:56.578 Disk 0 unknown MBR code
    19:23:56.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 186222 MB offset 9317700
    19:23:56.593 Disk 0 Partition 2 00 0B FAT32 RECOVERY 4549 MB offset 63
    19:23:56.593 Disk 0 scanning sectors +390700800
    19:23:56.687 Disk 0 scanning C:\WINDOWS\system32\drivers
    19:24:15.390 Service scanning
    19:24:29.859 Modules scanning
    19:24:45.390 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
    19:24:48.156 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
    19:24:48.500 Disk 0 trace - called modules:
    19:24:48.515 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    19:24:48.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88b46ab8]
    19:24:48.531 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\00000088[0x88b8bf18]
    19:24:48.531 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x88b5d940]
    19:24:49.046 AVAST engine scan C:\WINDOWS
    19:25:23.265 AVAST engine scan C:\WINDOWS\system32
    19:29:28.390 AVAST engine scan C:\WINDOWS\system32\drivers
    19:30:06.718 AVAST engine scan C:\Documents and Settings\Owner
    19:39:29.000 AVAST engine scan C:\Documents and Settings\All Users
    19:41:01.718 Scan finished successfully
    19:41:18.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
    19:41:18.750 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


    Upon opening MSN.com, I still get the invalid security warning!< did note some suspicious files in the Windows/system32 and ion the other logs I can see a lot of errors the day, I knew that my computer was infected 2/2/13

    Thank you very much, and so look forward to our further interactions to save my computer!

  3. #13
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi djtchrroberts,

    Please download all tools requested to your desktop, unless instructed otherwise.

    = = = = = = = = = =
    • Download to your desktop RogueKiller (by tigzy)
    • Quit all programs
    • Double Click the desktop icon to start RogueKiller
    • Wait until Prescan has finished ...
    • Click on Scan
    • Click the Report button, save the report to your desktop
    Next

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    Next

    Please go to: VirusTotal


    • Click the Browse button and search for the following file:
      • C:\WINDOWS\System32\drivers\dxgthk.sys
      • C:\WINDOWS\system32\ntdll.dll
    • Click Open
    • Then click Send File
    • Please be patient while the file is scanned.
    • Once the scan results appear, please provide them in your next reply.
    If it says already scanned -- click "reanalyze now"

    Next

    Run OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - No CLSID value found.
      O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No CLSID value found.
      O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
      
      :Files
      C:\93f86feff724bd3324bdc64b
      C:\Documents and Settings\Owner\Application Data\PeoplePal
      
      :Commands
      [purity]
      [createrestorepoint]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

    In your next post please provide the following:
    • RogueKiller log
    • TDSSKiller log
    • VirusTotal results (2 files uploaded)
    • OTL.txt
    • Check multiple web pages for Invalid Security Certificate errors.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  4. #14
    Member
    Join Date
    Aug 2009
    Posts
    44

    Question invalid security warning

    upon going to the Roguekiller webpage i get the warning about an invalid security certificate and even if I ignore that warning and start the download, Spybot gives me warnings. Beofer I go any further, I want to make sure that you expected both events to happen!

  5. #15
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi djtchrroberts,

    Since the date & time solution didn't remedy the Invalid Security Certificates, we must assume for now that the malware may be causing these warnings.

    Just proceed past them and complete the steps requested.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  6. #16
    Member
    Join Date
    Aug 2009
    Posts
    44

    Default

    ok, here I go!

  7. #17
    Member
    Join Date
    Aug 2009
    Posts
    44

    Default

    RogueKiller V8.4.4 [Feb 5 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Scan -- Date : 02/07/2012 17:23:56
    | ARK || MBR |

    Bad processes : 0

    Registry Entries : 3
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    Particular Files / Folders:

    Driver : [LOADED]

    HOSTS File:
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost
    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 www.032439.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 123topsearch.com
    127.0.0.1 www.123topsearch.com
    127.0.0.1 132.com
    [...]


    MBR Check:

    +++++ PhysicalDrive0: ST3200826A +++++
    --- User ---
    [MBR] 1ab7d3f3ba2000c4ad524a1b49df41cc
    [BSP] 627c4e9302499f2de33a058ef714c708 : Legit2 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 9317700 | Size: 186222 Mo
    1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 4549 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_02072012_02d1723.txt >>
    RKreport[1]_S_02072012_02d1723.txt


    TDSSkiller found nothing and no log was created

    Virustotal-I can find the files but they will not upload into the box to be scanned

  8. #18
    Member
    Join Date
    Aug 2009
    Posts
    44

    Angry

    olt ran and the computer rebooted here is the otl log, but I dont think it was modified after the scan?
    OTL logfile created on: 2/6/2012 7:03:55 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.12 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 57.54% Memory free
    1.98 Gb Paging File | 1.62 Gb Available in Paging File | 81.82% Paging File free
    Paging file location(s): C:\pagefile.sys 1000 1500 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 181.86 Gb Total Space | 142.52 Gb Free Space | 78.37% Space Free | Partition Type: NTFS
    Drive D: | 4.43 Gb Total Space | 2.71 Gb Free Space | 61.07% Space Free | Partition Type: FAT32

    Computer Name: YOUR-382F8BB83C | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\EDIMAX\Common\RaUI.exe (Edimax Technology Co., Ltd)
    PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
    PRC - C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
    PRC - C:\Program Files\HP\HP Software Update\hpwuSchd.exe (Hewlett-Packard)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Alwil Software\Avast5\defs\13020601\algo.dll ()
    MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
    MOD - C:\Program Files\EDIMAX\Common\acAuth.dll ()
    MOD - C:\WINDOWS\system32\hpotscl.dll ()


    ========== Services (SafeList) ==========

    SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
    SRV - (a2free) -- E:\DIAG & REPAIR\ANTI SPYWARE\A-SQUARED FREE\a2service.exe File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
    DRV - (Changer) -- File not found
    DRV - (BW2NDIS5) -- System32\Drivers\BW2NDIS5.sys File not found
    DRV - (ADSFilter) -- system32\DRIVERS\ADSFilter.sys File not found
    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology, Corp.)
    DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
    DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
    DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
    DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
    DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
    DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. )


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{72CCA13A-4B37-4B53-8F96-03FBD1EEF699}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {43CE027F-977E-4A4F-88A3-9E71D72CB3EE}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{43CE027F-977E-4A4F-88A3-9E71D72CB3EE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{72CCA13A-4B37-4B53-8F96-03FBD1EEF699}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\..\SearchScopes\{7A4490DC-927C-4758-9637-43CB97CFA63F}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=MS8TDF&pc=MS8TDF&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{A93C3295-EECD-4409-AB96-2B154D5C8D66}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
    FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1426
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.2.20111006100951
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/11/14 05:37:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/26 18:46:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/26 18:46:32 | 000,000,000 | ---D | M]

    [2009/11/21 07:49:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2012/02/01 19:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zxy704qm.default\extensions
    [2010/04/29 04:15:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zxy704qm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/05/12 06:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/11/14 05:37:00 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
    [2012/02/16 15:04:09 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2012/05/11 14:53:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/16 15:04:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/05/11 14:53:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/05/11 14:53:50 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.google.com/

    O1 HOSTS File: ([2009/08/30 06:37:55 | 000,326,901 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 www.123topsearch.com
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 www.132.com
    O1 - Hosts: 127.0.0.1 136136.net
    O1 - Hosts: 127.0.0.1 www.136136.net
    O1 - Hosts: 127.0.0.1 163ns.com
    O1 - Hosts: 127.0.0.1 www.163ns.com
    O1 - Hosts: 11184 more lines...
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No CLSID value found.
    O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [PC Pitstop Erase Scheduler] C:\Program Files\PCPitstop\Erase\PCPitstopErase.exe (PC Pitstop, LLC.)
    O4 - HKLM..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe (PC Pitstop, LLC.)
    O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background File not found
    O4 - HKCU..\Run: [Power2GoExpress] File not found
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2006/08/07 14:55:02 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE (Intuit)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe (Edimax Technology Co., Ltd)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O15 - HKCU\..Trusted Domains: //@install.mar@ ([]msni in My Computer)
    O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C353AE75-28E8-460E-8CBE-973FE3C5C2D8}: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/26 11:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
    O32 - AutoRun File - [2007/11/11 19:59:21 | 000,000,029 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
    O33 - MountPoints2\{7b245741-de65-11da-869a-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{7b245741-de65-11da-869a-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7b245741-de65-11da-869a-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
    O33 - MountPoints2\{7f41a1aa-e21b-11df-b362-0016173f1d9c}\Shell - "" = AutoRun
    O33 - MountPoints2\{7f41a1aa-e21b-11df-b362-0016173f1d9c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7f41a1aa-e21b-11df-b362-0016173f1d9c}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/09 06:20:48 | 000,000,000 | ---D | C] -- C:\93f86feff724bd3324bdc64b
    [2012/12/30 07:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
    [2012/11/01 19:02:42 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
    [2012/10/02 11:04:21 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\synceng.dll
    [2012/07/06 06:58:51 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browser.dll
    [2012/06/20 05:33:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2012/06/20 05:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012/06/14 04:46:21 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
    [2012/05/11 14:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
    [2012/05/11 14:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/03/30 16:51:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\visi_coupon
    [2012/03/30 05:04:22 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/02/29 07:10:16 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imagehlp.dll
    [2012/02/16 15:04:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2012/02/16 15:04:43 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2012/02/16 15:04:43 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2012/02/16 15:04:43 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2012/02/16 15:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012/02/06 18:54:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2012/02/05 10:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
    [2012/02/01 18:06:52 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2012/02/01 18:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2012/02/01 18:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/02/01 18:04:34 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
    [2009/01/03 10:11:00 | 054,157,776 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_8_176a1400.exe
    [2009/01/01 12:30:42 | 053,682,216 | ---- | C] (AVG Technologies) -- C:\Program Files\index.php
    [2008/10/18 05:54:06 | 007,857,600 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windows-kb890830-x64-v2.3.exe
    [2008/01/27 10:07:28 | 007,467,056 | ---- | C] (Safer Networking Ltd. ) -- C:\Program Files\spybotsd15.exe
    [2007/12/30 19:40:28 | 001,386,736 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB904706-v2-x86-ENU.exe
    [2007/02/17 20:40:21 | 000,288,616 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dxwebsetup.exe
    [9 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
    [3 C:\*.tmp files -> C:\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/31 14:53:11 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1C01F64A-466A-4696-AA08-7A98BA326994}.job
    [2013/01/27 12:04:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2013/01/26 15:52:07 | 000,000,233 | ---- | M] () -- C:\WINDOWS\qwimp.ini
    [2013/01/26 15:45:47 | 000,001,372 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
    [2013/01/09 15:48:25 | 000,441,112 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/01/09 15:48:25 | 000,071,430 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/01/09 06:19:21 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/01/08 17:26:26 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/01/08 17:26:26 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/01/05 22:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [2012/12/30 07:00:52 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2012/12/21 15:25:53 | 000,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/12/16 05:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
    [2012/12/16 05:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
    [2012/11/14 05:37:04 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2012/11/12 18:25:12 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
    [2012/11/12 18:25:12 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
    [2012/11/12 15:38:19 | 000,279,707 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\299044_159614940792403_342249757_n[1].JPG
    [2012/11/05 19:01:39 | 001,371,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
    [2012/11/01 19:02:42 | 000,375,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnet.dll
    [2012/11/01 19:02:42 | 000,375,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
    [2012/11/01 05:17:54 | 011,111,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
    [2012/11/01 05:17:54 | 002,000,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
    [2012/11/01 05:17:54 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
    [2012/11/01 05:17:54 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
    [2012/11/01 05:17:54 | 001,212,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
    [2012/11/01 05:17:54 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
    [2012/11/01 05:17:54 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
    [2012/11/01 05:17:54 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
    [2012/11/01 05:17:54 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
    [2012/11/01 05:17:54 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
    [2012/11/01 05:17:54 | 000,521,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
    [2012/11/01 05:17:54 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
    [2012/11/01 05:17:54 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
    [2012/11/01 05:17:54 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
    [2012/11/01 05:17:54 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
    [2012/11/01 05:17:54 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
    [2012/11/01 05:17:54 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
    [2012/11/01 05:17:54 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
    [2012/11/01 05:17:54 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
    [2012/11/01 05:17:54 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
    [2012/11/01 05:17:54 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
    [2012/11/01 05:17:53 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
    [2012/11/01 05:17:53 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
    [2012/11/01 05:17:53 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
    [2012/11/01 05:17:53 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
    [2012/11/01 05:17:53 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
    [2012/10/31 17:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
    [2012/10/31 17:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
    [2012/10/31 17:35:34 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
    [2012/10/30 16:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2012/10/30 16:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2012/10/30 16:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2012/10/30 16:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2012/10/30 16:51:57 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2012/10/30 16:51:57 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2012/10/30 16:51:56 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2012/10/30 16:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2012/10/30 16:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2012/10/30 16:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2012/10/02 21:58:13 | 000,990,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
    [2012/10/02 11:04:21 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\synceng.dll
    [2012/10/02 11:04:21 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\synceng.dll
    [2012/08/24 06:53:22 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
    [2012/08/21 06:33:26 | 002,148,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
    [2012/08/21 06:29:19 | 002,192,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
    [2012/08/21 06:29:19 | 002,192,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
    [2012/08/21 05:58:09 | 002,027,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
    [2012/08/21 05:58:06 | 002,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
    [2012/08/21 05:58:06 | 002,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
    [2012/07/06 06:58:52 | 000,337,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
    [2012/07/06 06:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browser.dll
    [2012/07/04 07:05:18 | 000,139,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
    [2012/06/08 07:26:20 | 008,462,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
    [2012/06/05 08:50:25 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
    [2012/06/03 21:32:08 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
    [2012/06/02 14:19:44 | 000,022,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
    [2012/06/02 14:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
    [2012/06/02 14:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
    [2012/06/02 14:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
    [2012/06/02 14:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
    [2012/06/02 14:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
    [2012/06/02 14:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
    [2012/06/02 14:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
    [2012/06/02 14:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
    [2012/06/02 14:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
    [2012/06/02 14:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
    [2012/06/02 14:19:34 | 000,015,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
    [2012/06/02 14:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
    [2012/06/02 14:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
    [2012/06/02 14:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
    [2012/06/02 14:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
    [2012/06/02 14:18:58 | 000,017,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
    [2012/06/01 09:50:06 | 000,601,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
    [2012/05/28 11:16:33 | 000,536,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
    [2012/05/14 16:43:20 | 000,000,538 | ---- | M] () -- C:\WINDOWS\intuprof.ini
    [2012/05/14 02:22:41 | 000,345,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll
    [2012/05/02 18:56:00 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Utility.lnk
    [2012/02/29 07:10:16 | 000,148,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imagehlp.dll
    [2012/02/16 15:04:06 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2012/02/16 15:04:06 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2012/02/16 15:04:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2012/02/16 15:04:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2012/02/16 15:04:05 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2012/02/06 18:54:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2012/02/06 18:50:14 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012/02/06 18:49:26 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/02/06 18:48:54 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2012/02/06 18:48:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/02/06 18:48:23 | 1207,357,440 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/06 18:24:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/02/01 18:06:53 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2012/02/01 18:05:48 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/02/01 18:05:15 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
    [2012/02/01 18:05:15 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
    [2012/02/01 18:04:36 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
    [2012/02/01 17:11:36 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Mozilla Firefox.lnk
    [2012/01/11 12:06:47 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/11 12:06:47 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
    [9 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
    [3 C:\*.tmp files -> C:\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/12/30 07:00:52 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2012/11/12 15:38:18 | 000,279,707 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\299044_159614940792403_342249757_n[1].JPG
    [2012/07/08 06:51:34 | 000,000,318 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012/05/11 14:54:04 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/05/01 19:20:09 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\rt73.bin
    [2012/05/01 19:19:57 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Utility.lnk
    [2012/03/30 05:04:40 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/02/16 05:13:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/16 05:13:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
    [2012/02/01 18:05:48 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/02/01 18:05:15 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
    [2012/02/01 18:05:15 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
    [2012/02/01 17:11:36 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Mozilla Firefox.lnk
    [2011/09/04 12:43:58 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
    [2011/09/04 12:43:58 | 000,029,134 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
    [2011/07/26 11:38:45 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Owner\g2mdlhlpx.exe
    [2010/09/21 13:39:23 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\rt2661.bin
    [2010/09/21 13:39:23 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\rt2561s.bin
    [2010/09/21 13:39:23 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\rt2561.bin
    [2008/01/05 10:07:06 | 038,121,770 | ---- | C] () -- C:\Program Files\Office2003SP3-KB923618-FullFile-ENU.exe
    [2006/10/22 07:38:01 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/08/08 17:23:30 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2006/08/07 21:18:12 | 001,070,492 | ---- | C] () -- C:\Program Files\InstallICW.EXE

    ========== ZeroAccess Check ==========

    [2006/05/08 01:41:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2010/12/18 06:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2012/06/20 05:33:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2008/08/25 14:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2012/06/20 05:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2008/05/22 18:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2010/04/22 14:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PeoplePC Online
    [2006/08/07 17:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Earthlink
    [2008/08/25 15:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Grisoft
    [2009/05/09 07:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OfficeUpdate12
    [2010/03/17 04:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PeoplePal
    [2010/04/22 14:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PeoplePC Online
    [2006/05/08 00:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2004/08/04 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

    < MD5 for: SERVICES.EXE >
    [2009/02/06 04:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
    [2008/04/13 17:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
    [2008/04/13 17:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
    [2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
    [2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
    [2004/08/04 12:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

    < MD5 for: SVCHOST.EXE >
    [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
    [2004/08/04 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2004/08/04 12:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2004/08/04 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

    < %systemroot%\*./rp /s >

    < %systemdrive%\$Recycle.Bin|@;true;true;true >

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < %temp%\smtmp\*.* /s> >

    ========== Base Services ==========
    SRV - [2008/04/13 17:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
    SRV - [2008/04/13 17:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
    SRV - [2008/04/13 17:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
    SRV - [2012/07/06 06:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
    SRV - [2008/04/13 17:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
    SRV - [2008/04/13 17:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
    SRV - [2009/04/20 10:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
    SRV - [2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
    SRV - [2008/04/13 17:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
    SRV - [2009/07/27 16:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
    SRV - [2008/04/13 17:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
    SRV - [2008/04/13 17:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
    SRV - [2008/04/13 17:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
    SRV - [2008/04/13 17:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
    SRV - [2008/04/13 17:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
    SRV - [2008/04/13 17:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
    SRV - [2008/04/13 17:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
    SRV - [2008/04/13 17:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
    SRV - [2008/04/13 17:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
    SRV - [2008/06/20 09:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
    SRV - [2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
    SRV - [2010/08/17 06:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
    SRV - [2008/04/13 17:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
    SRV - [2008/04/13 17:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
    SRV - [2008/04/13 17:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
    SRV - [2009/02/09 05:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
    SRV - [2008/04/13 17:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
    SRV - [2008/04/13 17:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
    SRV - [2008/04/13 17:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
    SRV - [2008/04/13 17:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
    SRV - [2010/08/26 22:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
    SRV - [2009/07/27 16:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
    SRV - [2008/04/13 17:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
    SRV - [2008/04/13 17:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
    SRV - [2008/04/13 17:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
    SRV - [2008/04/13 17:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
    SRV - [2008/04/13 17:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
    SRV - [2009/07/27 16:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
    SRV - [2008/04/13 17:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
    SRV - [2008/04/13 17:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
    SRV - [2008/04/13 17:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
    SRV - [2008/04/13 17:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
    SRV - [2008/04/13 17:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
    SRV - [2008/04/13 17:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
    No service found with a name of Wmi
    SRV - [2008/04/13 17:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
    SRV - [2008/04/13 17:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
    SRV - [2009/06/09 23:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
    Interface type: IDE
    Media Type: Fixed\thard disk media
    Model: ST3200826A
    Partitions: 2
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE1 -
    Interface type: USB
    Media Type:
    Model: Generic USB SD Reader USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE2 -
    Interface type: USB
    Media Type:
    Model: Generic USB CF Reader USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE3 -
    Interface type: USB
    Media Type:
    Model: Generic USB SM Reader USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE4 -
    Interface type: USB
    Media Type:
    Model: Generic USB MS Reader USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 182.00GB
    Starting Offset: 4770662400
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 4.00GB
    Starting Offset: 32256
    Hidden sectors: 0


    < >
    [2004/08/26 09:12:03 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
    [2004/08/26 11:08:56 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
    [2007/02/20 04:57:23 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1C01F64A-466A-4696-AA08-7A98BA326994}.job
    [2009/03/01 12:05:00 | 000,000,472 | ---- | C] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2012/03/30 05:04:40 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    [2012/07/08 06:51:34 | 000,000,318 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
    [C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

    < End of report >

  9. #19
    Member
    Join Date
    Aug 2009
    Posts
    44

    Unhappy invalid security warning

    I still get the invalid security warning on multiple web pages.
    .

  10. #20
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi djtchrroberts,

    Both your RogueKiller log and the OTL log display a date that is about 1 year off. Please check your date and time again to be sure you have the correct date & year.

    Scan -- Date : 02/07/2012 17:23:56 <--RougeKiller

    OTL logfile created on: 2/6/2012 7:03:55 PM - Run 1 <--OTL

    = = = = = = = = = =

    The OTL.txt log you posted was incorrect. That log was from the original scan with OTL - OTL logfile created on: 2/6/2012 7:03:55 PM - Run 1

    The log I need to see will show OTL logfile created on: (date & time you ran the scan) - Run 2

    Next

    Reboot Windows XP in Safe Mode w/ Networking
    • Restart your computer.
    • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
    • Select the option for Safe Mode w/ Networking using the arrow keys.
    • Then press enter on your keyboard to boot into Safe Mode w/ Networking.
    Next

    Repeat the VirusTotal step:

    Please go to: VirusTotal


    • Click the Browse button and search for the following file:
      • C:\WINDOWS\System32\drivers\dxgthk.sys
      • C:\WINDOWS\system32\ntdll.dll
    • Click Open
    • Then click Send File
    • Please be patient while the file is scanned.
    • Once the scan results appear, please provide them in your next reply.
    If it says already scanned -- click "reanalyze now"

    Next

    Reboot into Normal Mode

    In your next post please provide the following:
    • OTL.txt (Run 2)
    • VirusTotal results
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •