breakingorbit

My Hi Jack This Logs.

Go ahead and run ComboFix with this new script:

 

DDS::
uWinlogon: Shell=c:\documents and settings\eric\application data\hotfix.exe
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

File::
c:\documents and settings\eric\application data\hotfix.exe
c:\windows\ahicenay.dll

There is one more I want to check, but we can do that later.

Ken, here is my CFScript log. Also, AVG kept flagging this "C:\windows\ahicenay.dll TROJAN HORSE Generic20.ACHD" while I was trying to uninstall it to run ComboFix.

 

ComboFix 10-12-04.02 - eric 12/05/2010 18:27:30.8.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2550.2097 [GMT -5:00]

Running from: c:\documents and settings\eric\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\eric\Desktop\CFScript.txt

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

FW: Filseclab Personal Firewall *disabled* {EB4DA513-3B0A-4FCB-86A7-F1243757EFF2}

 

FILE ::

"c:\documents and settings\eric\application data\hotfix.exe"

.

 

((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 )))))))))))))))))))))))))))))))

.

 

2010-12-03 14:09 . 2010-12-03 14:09 -------- d-----w- c:\documents and settings\eric\Local Settings\Application Data\AVG Security Toolbar

2010-12-01 12:24 . 2010-12-04 14:24 0 ----a-w- c:\windows\Mpemabowinewunoz.bin

2010-12-01 03:38 . 2010-12-01 03:38 -------- d-----w- c:\documents and settings\Madison_2\Local Settings\Application Data\AVG Security Toolbar

2010-12-01 03:38 . 2010-12-01 03:38 -------- d-----w- c:\documents and settings\Madison_2\Application Data\AVG10

2010-12-01 02:39 . 2010-12-01 02:39 -------- d-----w- c:\documents and settings\boston\Local Settings\Application Data\AVG Security Toolbar

2010-12-01 02:39 . 2010-12-01 02:39 -------- d-----w- c:\documents and settings\boston\Application Data\AVG10

2010-12-01 02:26 . 2010-12-01 02:26 -------- d-----w- c:\documents and settings\April\Local Settings\Application Data\AVG Security Toolbar

2010-12-01 02:25 . 2010-12-01 02:25 -------- d-----w- c:\documents and settings\April\Application Data\AVG10

2010-12-01 02:19 . 2010-12-01 02:19 -------- d-----w- c:\documents and settings\eric\Application Data\AVG10

2010-12-01 02:18 . 2010-12-01 02:18 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2010-12-01 02:17 . 2010-12-05 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2010-12-01 02:03 . 2010-12-01 02:04 -------- dc-h--w- c:\windows\ie8

2010-12-01 01:40 . 2010-12-01 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-12-01 01:35 . 2010-12-01 01:36 -------- d-----w- C:\orbit.com

2010-11-29 04:34 . 2010-11-29 04:34 -------- d-----w- c:\documents and settings\boston\Local Settings\Application Data\AskToolbar

2010-11-29 03:15 . 2010-11-29 03:17 -------- d-----w- c:\program files\FrostWire

2010-11-26 13:15 . 2010-11-26 13:15 -------- d-----w- c:\program files\ESET

2010-11-26 12:54 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-26 12:54 . 2010-11-26 12:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-26 12:54 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-26 12:51 . 2010-11-26 12:51 -------- d-----w- c:\documents and settings\eric\Local Settings\Application Data\Threat Expert

2010-11-22 20:26 . 2010-11-22 20:26 388096 ----a-r- c:\documents and settings\eric\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-11-22 20:23 . 2010-11-22 20:23 -------- d-----w- C:\hijack this

2010-11-20 15:38 . 2010-11-20 15:38 -------- d-----w- c:\documents and settings\Madison_2\Application Data\IObit

2010-11-17 02:08 . 2010-11-17 02:08 -------- d-----w- c:\program files\Yahoo! Games

2010-11-16 03:02 . 2010-11-29 05:40 -------- d-----w- c:\documents and settings\boston\Application Data\FrostWire

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-06 11:34 . 2010-09-26 02:09 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-09-18 16:23 . 2004-08-12 13:59 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-08-12 13:59 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-08-12 13:59 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-08-12 13:59 953856 ------w- c:\windows\system32\mfc40u.dll

2010-09-15 09:50 . 2010-05-02 18:24 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-15 07:29 . 2008-01-25 01:22 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-10 05:58 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2004-08-12 13:59 43520 ------w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2004-08-12 13:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2005-09-23 17:22 . 2005-09-23 17:22 774144 -c--a-w- c:\program files\RngInterstitial.dll

2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2006-05-06 16:42 . 2006-06-07 12:30 7260160 -c--a-w- c:\program files\mozilla firefox\plugins\libvlc.dll

2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PLNRNote"="c:\program files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe" [2004-11-23 30720]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]

"XFILTER"="c:\program files\Filseclab\xfilter\xfilter.exe" [2006-12-23 901120]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Filseclab Messenger.lnk - c:\program files\Common Files\Filseclab\FilMsg.exe [2009-7-17 326192]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^eric^Start Menu^Programs^Startup^MostFun.lnk]

backup=c:\windows\pss\MostFun.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-10-14 18:46 77824 -c--a-w- c:\windows\SYSTEM32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-10-14 18:50 114688 -c--a-w- c:\windows\SYSTEM32\igfxpers.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]

2003-09-04 02:12 221184 -c--a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

2005-03-12 12:25 110592 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]

2005-03-12 12:25 102400 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_server.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"gusvc"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=

"c:\\Program Files\\Filseclab\\xfilter\\xfilter.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\boston\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

 

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [9/25/2010 9:09 PM 64288]

R0 XPacket;Filseclab Packet Filter;c:\windows\SYSTEM32\xpacket.sys [7/17/2009 9:37 AM 126224]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/24/2010 9:41 AM 92008]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2010 2:28 PM 135664]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 7:15 AM 1375992]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 7:15 AM 15264]

S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [11/19/2007 12:17 PM 20992]

S3 MusCDriverV32;MusCDriverV32;c:\windows\SYSTEM32\DRIVERS\MusCDriverV32.sys [7/19/2007 1:34 PM 513152]

S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [3/26/2007 1:34 PM 642560]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

 

2010-12-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 03:12]

 

2010-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

 

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 19:28]

 

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 19:28]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\Filseclab\xfilter\XFILTER.DLL

Trusted Zone: musicmatch.com\online

FF - ProfilePath - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\

FF - prefs.js: browser.startup.homepage - www.my.yahoo.com

FF - plugin: c:\documents and settings\boston\Application Data\Move Networks\plugins\npqmp071503000010.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll

FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Extension: Qute: {36C13C8F-54F1-412e-8177-2E411719162D} - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}

FF - Extension: Aquatint Black: {7694c49c-9fbd-11dc-8314-0800200c9a66} - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}

FF - Extension: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Extension: AutoPager: autopager@mozilla.org - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\autopager@mozilla.org

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Extension: PitchDark: {c1dffba0-628e-11d9-9669-0800200c9a66} - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}

FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Extension: BlackX: {239c61a8-e55f-11db-8314-0800200c9a66} - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}

FF - Extension: BlackFox V1: zigboom@hotmail.com - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\zigboom@hotmail.com

FF - Extension: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

FF - Extension: Virtus Search Opt-in: extension@virtusdesigns.com - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\extension@virtusdesigns.com

FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-05 18:30

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

@=""

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"Installed"="1"

"NoChange"="1"

@=""

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

@=""

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(864)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2010-12-05 18:32:11

ComboFix-quarantined-files.txt 2010-12-05 23:32

ComboFix2.txt 2010-12-05 22:52

 

Pre-Run: 8,507,404,288 bytes free

Post-Run: 8,487,305,216 bytes free

 

Current=4 Default=4 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5

- - End Of File - - 0A5BD9C3CE225130A71563D034229B9C

 

Thanks, Orbit

Hi Orbit,

 

Your CF log looks fine. Reboot and see if AVG keeps flagging that file. I don't see it anywhere in your log; it may be gone or in quarantine.

 

Download and Run SystemLook

 

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    ahicenay.dll
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.

Ken,

 

SystemLook 04.09.10 by jpshortstuff

Log created at 21:41 on 05/12/2010 by eric

Administrator - Elevation successful

 

========== filefind ==========

 

Searching for "ahicenay.dll"

No files found.

 

-= EOF =-

 

Looks like it's OK; what do you think?

Orbit

Orbit,

 

I am still looking at those P2P (file sharing) programs on your system. I strongly urge you to uninstall them. You're downloading that file from an unknown source; malware writers are in tune to this, and it has become one of the latest ways to infect your computer.

 

Why don't you run this program? It's a quick scan, and it lets me take one more final look.

 

OTL by OldTimer

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.

    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.

  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

Ken, here are my OTL logs:

 

OTL logfile created on: 12/8/2010 3:33:07 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\eric\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free

Paging file location(s): C:\pagefile.sys 1000 2000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.59 Gb Total Space | 7.17 Gb Free Space | 10.01% Space Free | Partition Type: NTFS

 

Computer Name: BOSTON | User Name: eric | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\eric\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Filseclab\FilMsg.exe (Filseclab)

PRC - C:\Documents and Settings\boston\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

PRC - C:\Program Files\Apple Software Update\SoftwareUpdate.exe (Apple Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Filseclab\xfilter\xfilter.exe (Filseclab)

PRC - C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRnote.exe (Creative Home)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\eric\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()

SRV - (KodakCCS) -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe (Eastman Kodak Company)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (catchme) -- C:\DOCUME~1\eric\LOCALS~1\Temp\catchme.sys File not found

DRV - (Avgtdix) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()

DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )

DRV - (Avgmfx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgldx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSShim) -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (MusCDriverV32) -- C:\WINDOWS\SYSTEM32\DRIVERS\MusCDriverV32.sys (Windows ® 2000/XP)

DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys (DT Soft Ltd.)

DRV - (sptd) -- C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys (Duplex Secure Ltd.)

DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)

DRV - (vsdatant) -- C:\WINDOWS\SYSTEM32\vsdatant.sys (Zone Labs, LLC)

DRV - (XPacket) -- C:\WINDOWS\System32\xpacket.sys (Filseclab Corporation)

DRV - (motport) -- C:\WINDOWS\SYSTEM32\DRIVERS\motport.sys (Motorola)

DRV - (motmodem) -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys (Motorola)

DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)

DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (Bo Brantén)

DRV - (DcCam) -- C:\WINDOWS\SYSTEM32\DRIVERS\DcCam.sys (Eastman Kodak Company)

DRV - (Exportit) -- C:\WINDOWS\SYSTEM32\DRIVERS\ExportIt.sys (Eastman Kodak Company)

DRV - (DcPTP) -- C:\WINDOWS\SYSTEM32\DRIVERS\DcPtp.sys (Eastman Kodak Company)

DRV - (DcLps) -- C:\WINDOWS\SYSTEM32\DRIVERS\DcLps.sys (Eastman Kodak Company)

DRV - (DCFS2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\DCFS2k.sys (Eastman Kodak Company)

DRV - (DcFpoint) -- C:\WINDOWS\SYSTEM32\DRIVERS\DcFpoint.sys (Eastman Kodak Company)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\SYSTEM32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS (NVIDIA Corporation)

DRV - (IntelC53) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel Corporation)

DRV - (IntelC52) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel Corporation)

DRV - (IntelC51) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel Corporation)

DRV - (mohfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel Corporation)

DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=slv5-&p="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/?.home=fftb"

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=slv5-ab&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/23 22:12:26 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/05 21:36:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 06:18:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/30 20:42:18 | 000,000,000 | ---D | M]

[2010/07/06 13:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Mozilla\Extensions

[2010/07/06 13:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Mozilla\Extensions\home2@tomtom.com

[2010/12/08 15:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions

[2010/05/05 09:18:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/03/18 13:57:11 | 000,000,000 | ---D | M] (BlackX) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}

[2010/07/17 10:03:41 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}

[2010/03/31 07:20:25 | 000,000,000 | ---D | M] (Qute) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}

[2009/03/10 08:01:26 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}(2)

[2010/08/18 15:10:06 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}

[2008/03/05 20:16:46 | 000,000,000 | ---D | M] (Aquatint Black Gloss) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}(2)

[2009/06/30 15:34:46 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2010/09/09 20:32:22 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2010/11/15 09:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

[2010/09/09 20:32:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/11/15 09:08:14 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}

[2010/03/19 12:03:30 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

[2010/10/29 15:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\autopager@mozilla.org

[2010/08/18 15:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\extension@virtusdesigns.com

[2010/10/29 15:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\smarterwiki@wikiatic.com

[2007/07/28 12:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\videodowloader@videodownloader.net

[2010/11/15 09:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\zigboom@hotmail.com

[2010/08/18 15:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\extension@virtusdesigns.com\__MACOSX

[2010/08/18 15:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\extension@virtusdesigns.com\chrome

[2010/08/18 15:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\extension@virtusdesigns.com\defaults

[2010/08/18 15:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions

[2010/08/18 15:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions

[2005/02/10 16:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\p4sid24g.default\extensions

[2005/02/10 16:13:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\p4sid24g.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2005/01/16 16:50:41 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\p4sid24g.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/12/08 14:02:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/05/02 13:24:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/09/09 20:34:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/11/09 16:36:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2006/05/06 11:42:04 | 007,260,160 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\libvlc.dll

[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2005/12/16 12:03:52 | 000,110,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

[2008/10/09 16:07:34 | 000,279,888 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll

[2005/04/27 15:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

[2006/11/08 14:21:50 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

[2006/05/06 11:42:04 | 000,478,720 | ---- | M] (VideoLAN Team) -- C:\Program Files\Mozilla Firefox\plugins\npvlc.dll

O1 HOSTS File: ([2010/12/05 17:50:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [XFILTER] C:\Program Files\Filseclab\xfilter\xfilter.exe (Filseclab)

O4 - HKCU..\Run: [PLNRNote] C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRnote.exe (Creative Home)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Filseclab Messenger.lnk = C:\Program Files\Common Files\Filseclab\FilMsg.exe (Filseclab)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)

O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\eric\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\eric\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/12/04 16:23:44 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (OODBS) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/08 15:26:47 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\eric\Desktop\OTL.exe

[2010/12/05 21:36:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG

[2010/12/05 21:31:43 | 004,502,408 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\eric\Desktop\avg_avct_stb_all_2011_1170_cnet.exe

[2010/12/05 18:26:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/12/05 17:42:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/12/05 17:42:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/12/05 17:42:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/12/04 09:47:20 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/12/03 09:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\Local Settings\Application Data\AVG Security Toolbar

[2010/11/30 21:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\Application Data\AVG10

[2010/11/30 21:18:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/11/30 21:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2010/11/30 21:03:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2010/11/30 20:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2010/11/30 20:35:51 | 000,000,000 | ---D | C] -- C:\orbit.com

[2010/11/28 22:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire

[2010/11/26 08:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/11/26 07:54:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/26 07:54:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/26 07:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/26 07:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\Local Settings\Application Data\Threat Expert

[2010/11/22 15:23:05 | 000,000,000 | ---D | C] -- C:\hijack this

[2010/11/16 21:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! Games

[2010/11/09 22:20:58 | 000,299,984 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2010/11/09 16:36:22 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/11/09 16:36:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/11/09 16:36:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2005/09/23 12:22:37 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

[42 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/08 15:26:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\eric\Desktop\OTL.exe

[2010/12/08 14:48:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/12/08 13:52:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2010/12/08 12:48:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/12/08 08:48:21 | 101,267,279 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2010/12/08 08:08:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/12/07 22:12:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/12/07 15:03:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2010/12/07 15:03:24 | 2674,020,352 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/05 21:40:59 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\eric\Desktop\SystemLook.exe

[2010/12/05 21:37:37 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk

[2010/12/05 21:31:57 | 004,502,408 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\eric\Desktop\avg_avct_stb_all_2011_1170_cnet.exe

[2010/12/05 17:50:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts

[2010/12/05 17:41:30 | 003,984,562 | R--- | M] () -- C:\Documents and Settings\eric\Desktop\ComboFix.exe

[2010/12/05 08:50:17 | 000,033,740 | ---- | M] () -- C:\Documents and Settings\eric\Desktop\batman-cartoon.jpg

[2010/12/05 08:45:23 | 000,008,481 | ---- | M] () -- C:\Documents and Settings\eric\Desktop\batmanimages.jpg

[2010/12/04 09:24:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Mpemabowinewunoz.bin

[2010/12/01 18:35:35 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Xhekoful.dat

[2010/12/01 09:02:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/11/30 21:08:16 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/27 11:59:05 | 020,775,936 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb

[2010/11/27 11:59:02 | 014,596,096 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb

[2010/11/22 14:43:41 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\eric\Desktop\dds.scr

[2010/11/16 21:08:20 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled 2 Deluxe.lnk

[2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[42 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/08 08:48:21 | 101,267,279 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2010/12/05 21:40:58 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\eric\Desktop\SystemLook.exe

[2010/12/05 21:37:37 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk

[2010/12/05 17:42:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/12/05 17:42:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/12/05 17:42:19 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/12/05 17:42:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/12/05 17:42:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/12/05 08:50:10 | 000,033,740 | ---- | C] () -- C:\Documents and Settings\eric\Desktop\batman-cartoon.jpg

[2010/12/05 08:45:21 | 000,008,481 | ---- | C] () -- C:\Documents and Settings\eric\Desktop\batmanimages.jpg

[2010/12/04 09:46:50 | 003,984,562 | R--- | C] () -- C:\Documents and Settings\eric\Desktop\ComboFix.exe

[2010/12/01 07:24:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Xhekoful.dat

[2010/12/01 07:24:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mpemabowinewunoz.bin

[2010/11/24 15:50:05 | 000,155,599 | ---- | C] () -- C:\Documents and Settings\eric\Gmer.txt

[2010/11/22 14:43:41 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\eric\Desktop\dds.scr

[2010/11/16 21:08:20 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled 2 Deluxe.lnk

[2009/07/13 03:57:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI

[2009/07/01 14:29:25 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/01/18 20:52:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI

[2008/08/11 09:26:22 | 000,003,199 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2008/07/21 15:37:03 | 000,000,149 | ---- | C] () -- C:\WINDOWS\ImgTool.INI

[2008/04/27 19:08:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2008/02/20 21:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008/02/20 21:03:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2007/08/21 15:12:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/04/10 12:25:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007/04/02 16:58:36 | 000,000,096 | ---- | C] () -- C:\WINDOWS\cdgrabber.ini

[2006/07/25 11:52:47 | 000,000,177 | ---- | C] () -- C:\WINDOWS\bgsdatatemp.INI

[2006/07/25 11:52:14 | 000,000,132 | ---- | C] () -- C:\WINDOWS\gamesystem.ini

[2006/07/06 11:40:49 | 000,000,491 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2006/02/22 00:13:07 | 000,285,696 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll

[2006/02/15 16:49:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI

[2006/02/10 18:39:20 | 000,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI

[2006/01/31 12:20:47 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.eric.ini

[2006/01/31 10:15:09 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\AB01BC09EF.sys

[2006/01/31 09:41:31 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2005/12/12 19:44:52 | 000,001,001 | ---- | C] () -- C:\WINDOWS\hegames.ini

[2005/11/12 15:28:18 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2005/11/11 15:19:03 | 000,000,080 | ---- | C] () -- C:\WINDOWS\xptools.ini

[2005/11/11 15:08:30 | 000,000,329 | ---- | C] () -- C:\WINDOWS\System32\bn.dll

[2005/10/18 18:57:12 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2005/02/08 19:10:23 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\eric\Application Data\PFP120JPR.{PB

[2005/02/08 19:10:23 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\eric\Application Data\PFP120JCM.{PB

[2005/01/24 15:30:22 | 000,116,224 | ---- | C] () -- C:\Documents and Settings\eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005/01/17 16:10:45 | 000,005,485 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini

[2005/01/17 15:01:36 | 000,000,224 | ---- | C] () -- C:\WINDOWS\KA.INI

[2005/01/16 17:27:26 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\eric\Local Settings\Application Data\fusioncache.dat

[2005/01/14 18:27:05 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXBRPMON.DLL

[2005/01/14 18:27:05 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXBRPMUI.DLL

[2005/01/14 18:25:17 | 000,001,014 | ---- | C] () -- C:\WINDOWS\lexstat.ini

[2005/01/14 17:45:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2005/01/12 14:54:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/01/12 14:48:15 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/01/12 14:14:34 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/09/15 23:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI

[2004/08/10 14:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2003/01/07 10:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

[1998/08/16 04:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2005/01/14 18:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4200Series

[2010/06/24 14:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/12/05 21:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2010/11/01 19:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2005/03/01 12:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software

[2010/11/30 21:18:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2006/12/26 18:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Libronix DLS

[2010/12/05 21:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2009/04/26 17:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes

[2009/01/15 23:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OptiTex

[2009/08/20 18:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games

[2007/07/04 08:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\scar5

[2007/12/13 08:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra

[2010/11/26 19:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/07/06 13:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2007/11/23 11:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/08/07 17:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/01/28 17:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010/09/25 21:05:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}

[2005/01/15 08:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\4200Series

[2009/01/27 21:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Auslogics

[2010/11/30 21:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\AVG10

[2010/08/17 18:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Azureus

[2008/07/26 14:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\ImgBurn

[2009/02/21 21:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\IObit

[2005/01/14 20:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Jasc

[2005/01/14 17:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Leadertech

[2006/12/26 18:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Libronix DLS

[2008/07/10 15:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\MPEG Streamclip

[2005/04/27 10:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Musicmatch

[2008/12/10 17:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\OpenOffice.org

[2008/07/09 21:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Pegasys Inc

[2008/01/05 16:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\PlayFirst

[2007/07/04 08:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\scar5

[2007/08/21 15:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Serious Magic

[2005/05/09 15:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\SmartDraw

[2006/11/08 14:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Snapfish

[2009/12/09 09:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\SystemRequirementsLab

[2010/07/06 13:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\TomTom

[2009/02/13 21:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Vso

[2005/07/25 09:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Zen Puzzle Garden

[2010/12/07 22:12:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2010/12/07 09:23:29 | 000,032,568 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FB468B7

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD3C973

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >


Part 2:

OTL Extras logfile created on: 12/8/2010 3:33:07 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\eric\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free

Paging file location(s): C:\pagefile.sys 1000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.59 Gb Total Space | 7.17 Gb Free Space | 10.01% Space Free | Partition Type: NTFS

Computer Name: BOSTON | User Name: eric | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()

"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Aelitis)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe" = C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad -- ()

"C:\Program Files\Filseclab\xfilter\xfilter.exe" = C:\Program Files\Filseclab\xfilter\xfilter.exe:*:Enabled:xfilter -- (Filseclab)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Documents and Settings\boston\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\boston\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)

"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)

"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgam.exe" = C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min

"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK

"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 22

"{27555031-A116-4EC6-9991-7B400142A936}" = HP PSC & OfficeJet 6.1.A

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page

"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex

"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{3E24C3A9-FF04-4878-8870-1573EF0CAF65}" = VidiotMaps Map Overlay

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{48A4D5B9-0439-4731-9C2C-292AB9CDC54A}" = Filseclab Personal Firewall

"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC

"{563FE39E-B4D7-4DC0-B443-97313128AEC0}" = Hallmark Card Studio Special Edition

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}" = AVG 2011

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com

"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{75DD22C5-3CFD-4FE5-ABB6-8793697549C2}" = COH Character Creator

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update

"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant

"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp

"{896D642C-7125-44F0-AC49-A23ABF82209C}" = CDBurnerXP Pro 3

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT

"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore

"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2

"{A23061AF-5361-433C-B7F0-CE5F79A22C49}" = AVG 2011

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support

"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C439D065-5B64-4563-A6B9-1AA202633E13}" = Lexmark Fax Solutions

"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album

"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4

"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag

"{EEB9A7C4-38A2-423F-96B3-500E1844554A}" = VidiotMaps Map Overlay

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK

"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP

"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS

"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock

"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001

"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL

"Ad-Aware" = Ad-Aware

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AVG" = AVG 2011

"AviSynth" = AviSynth 2.5

"Azureus" = Azureus

"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe (remove only)

"CCleaner" = CCleaner (remove only)

"CDisplay_is1" = CDisplay 1.8

"CDisplayEx_is1" = CDisplayEx 1.2

"Champions Online" = Champions Online

"COH" = City of Heroes (remove only)

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver

"Duplicate Cleaner_is1" = Duplicate Cleaner 1.4.4

"DVD Decrypter" = DVD Decrypter (Remove Only)

"DVD Shrink_is1" = DVD Shrink 3.2

"DVDFab HD Decrypter_is1" = DVDFab HD Decrypter 3.1.1.6

"ESET Online Scanner" = ESET Online Scanner v3

"ExtractNow_is1" = ExtractNow

"ffdshow_is1" = ffdshow [rev 1324] [2007-07-01]

"Free Registry Defrag_is1" = Free Registry Defrag

"Free YouTube Download_is1" = Free YouTube Download 2.2

"FrostWire" = FrostWire 4.21.1

"getPlus®_dll" = getPlus®_dll

"Google Updater" = Google Updater

"Guitar Guru_is1" = Guitar Guru Version 2.2.5.0

"HijackThis" = HijackThis 2.0.2

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Print Projects" = HP Print Projects 1.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"ie8" = Windows Internet Explorer 8

"ImgBurn" = ImgBurn

"InstallShield_{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD}" = QuickTime

"InstallShield_{C439D065-5B64-4563-A6B9-1AA202633E13}" = Lexmark 4200 Series Fax Solutions

"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem

"Macromedia Shockwave Player" = Macromedia Shockwave Player

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)

"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)

"NanoScan" = Panda NanoScan

"PROSet" = Intel® PRO Network Adapters and Drivers

"RealAlt_is1" = Real Alternative 1.7.5

"RealPlayer 6.0" = RealPlayer

"RegScrubXP_is1" = RegScrubXP 5.1

"Revo Uninstaller" = Revo Uninstaller 1.83

"Smart Defrag_is1" = Smart Defrag

"SpywareBlaster_is1" = SpywareBlaster 4.4

"SystemRequirementsLab" = System Requirements Lab

"TomTom HOME" = TomTom HOME 2.7.5.2014

"Tweak UI 2.10" = Tweak UI

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VideoLAN VLC media player 0.8.5

"VSO DivxToDVD_is1" = DivxToDVD 0.5.2

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"Wise Registry Cleaner_is1" = Wise Registry Cleaner 4 Free 4.24

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"Yahoo! Anti-Spy" = Yahoo! Anti-Spy

"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer

"Yahoo! Toolbar" = Yahoo! Toolbar

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Vuze Launcher" = Vuze Launcher

"WinDirStat" = WinDirStat 1.1.2

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 12/6/2010 10:01:40 AM | Computer Name = BOSTON | Source = MsiInstaller | ID = 11402

Description = Product: Microsoft Office Professional Edition 2003 -- Error 1402.

Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.

Verify that you have sufficient permissions to access the registry or contact

your Information Technology department for assistance.

 

Error - 12/6/2010 10:01:42 AM | Computer Name = BOSTON | Source = MsiInstaller | ID = 1024

Description = Product: Microsoft Office Professional Edition 2003 - Update 'Security

Update for Office 2003 (KB2289187): MSO' could not be installed. Error code 1603.

Windows Installer can create logs to help troubleshoot issues with installing software

packages. Use the following link for instructions on turning on logging support:

http://go.microsoft.com/fwlink/?LinkId=23127

 

Error - 12/7/2010 10:00:55 AM | Computer Name = BOSTON | Source = MsiInstaller | ID = 11402

Description = Product: Microsoft Office Professional Edition 2003 -- Error 1402.

Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.

Verify that you have sufficient permissions to access the registry or contact

your Information Technology department for assistance.

 

Error - 12/7/2010 10:01:08 AM | Computer Name = BOSTON | Source = MsiInstaller | ID = 1024

Description = Product: Microsoft Office Professional Edition 2003 - Update 'Security

Update for Excel 2003 (KB2344893): EXCEL' could not be installed. Error code 1603.

Windows Installer can create logs to help troubleshoot issues with installing software

packages. Use the following link for instructions on turning on logging support:

http://go.microsoft.com/fwlink/?LinkId=23127

 

Error - 12/7/2010 10:01:31 AM | Computer Name = BOSTON | Source = MsiInstaller | ID = 11402

Description = Product: Microsoft Office Professional Edition 2003 -- Error 1402.

Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.

Verify that you have sufficient permissions to access the registry or contact

your Information Technology department for assistance.

 

Error - 12/7/2010 10:01:32 AM | Computer Name = BOSTON | Source = MsiInstaller | ID = 1024

Description = Product: Microsoft Office Professional Edition 2003 - Update 'Security

Update for Office 2003 (KB2289187): MSO' could not be installed. Error code 1603.

Windows Installer can create logs to help troubleshoot issues with installing software

packages. Use the following link for instructions on turning on logging support:

http://go.microsoft.com/fwlink/?LinkId=23127

 

Error - 12/8/2010 10:01:17 AM | Computer Name = BOSTON | Source = MsiInstaller | ID = 11402

Description = Product: Microsoft Office Professional Edition 2003 -- Error 1402.

Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.

Verify that you have sufficient permissions to access the registry or contact

your Information Technology department for assistance.

 

Error - 12/8/2010 10:01:31 AM | Computer Name = BOSTON | Source = MsiInstaller | ID = 1024

Description = Product: Microsoft Office Professional Edition 2003 - Update 'Security

Update for Excel 2003 (KB2344893): EXCEL' could not be installed. Error code 1603.

Windows Installer can create logs to help troubleshoot issues with installing software

packages. Use the following link for instructions on turning on logging support:

http://go.microsoft.com/fwlink/?LinkId=23127

 

Error - 12/8/2010 10:01:53 AM | Computer Name = BOSTON | Source = MsiInstaller | ID = 11402

Description = Product: Microsoft Office Professional Edition 2003 -- Error 1402.

Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.

Verify that you have sufficient permissions to access the registry or contact

your Information Technology department for assistance.

 

Error - 12/8/2010 10:01:55 AM | Computer Name = BOSTON | Source = MsiInstaller | ID = 1024

Description = Product: Microsoft Office Professional Edition 2003 - Update 'Security

Update for Office 2003 (KB2289187): MSO' could not be installed. Error code 1603.

Windows Installer can create logs to help troubleshoot issues with installing software

packages. Use the following link for instructions on turning on logging support:

http://go.microsoft.com/fwlink/?LinkId=23127

 

[ System Events ]

Error - 12/7/2010 4:13:25 PM | Computer Name = BOSTON | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

D92F74B1 that believes that it is the master browser for the domain on transport

NetBT_Tcpip_{98DD4449-EC83-4523-. The master browser is stopping or an election

is being forced.

 

Error - 12/7/2010 5:25:22 PM | Computer Name = BOSTON | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

D92F74B1 that believes that it is the master browser for the domain on transport

NetBT_Tcpip_{98DD4449-EC83-4523-. The master browser is stopping or an election

is being forced.

 

Error - 12/7/2010 6:27:23 PM | Computer Name = BOSTON | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

D92F74B1 that believes that it is the master browser for the domain on transport

NetBT_Tcpip_{98DD4449-EC83-4523-. The master browser is stopping or an election

is being forced.

 

Error - 12/7/2010 7:39:22 PM | Computer Name = BOSTON | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

D92F74B1 that believes that it is the master browser for the domain on transport

NetBT_Tcpip_{98DD4449-EC83-4523-. The master browser is stopping or an election

is being forced.

 

Error - 12/7/2010 8:51:15 PM | Computer Name = BOSTON | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

D92F74B1 that believes that it is the master browser for the domain on transport

NetBT_Tcpip_{98DD4449-EC83-4523-. The master browser is stopping or an election

is being forced.

 

Error - 12/7/2010 10:03:08 PM | Computer Name = BOSTON | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

D92F74B1 that believes that it is the master browser for the domain on transport

NetBT_Tcpip_{98DD4449-EC83-4523-. The master browser is stopping or an election

is being forced.

 

Error - 12/7/2010 11:03:09 PM | Computer Name = BOSTON | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

D92F74B1 that believes that it is the master browser for the domain on transport

NetBT_Tcpip_{98DD4449-EC83-4523-. The master browser is stopping or an election

is being forced.

 

Error - 12/8/2010 12:03:14 AM | Computer Name = BOSTON | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

D92F74B1 that believes that it is the master browser for the domain on transport

NetBT_Tcpip_{98DD4449-EC83-4523-. The master browser is stopping or an election

is being forced.

 

Error - 12/8/2010 10:01:36 AM | Computer Name = BOSTON | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2344893).

 

Error - 12/8/2010 10:02:35 AM | Computer Name = BOSTON | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Microsoft Office 2003 (KB2289187).

 

 

< End of report >

 

Thanks Orbit


Just curious about these two files.

 

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :file
    C:\WINDOWS\Xhekoful.dat
    C:\WINDOWS\Mpemabowinewunoz.bin
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Please run this free online virus scanner from ESET

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


ken, here is the SystemLook log. I have to run; I will post the ESET file tonight.

 

SystemLook 04.09.10 by jpshortstuff

Log created at 09:35 on 09/12/2010 by eric

Administrator - Elevation successful

 

========== file ==========

 

C:\WINDOWS\Xhekoful.dat - File found and opened.

MD5: 8EFEABDEEC3DE81C3DC42A2801DDF461

Created at 12:24 on 01/12/2010

Modified at 23:35 on 01/12/2010

Size: 120 bytes

Attributes: --a----

No version information available.

 

 

C:\WINDOWS\Mpemabowinewunoz.bin - File found and opened.

MD5: D41D8CD98F00B204E9800998ECF8427E

Created at 12:24 on 01/12/2010

Modified at 14:24 on 04/12/2010

Size: 0 bytes

Attributes: --a----

No version information available.

 

-= EOF =-

 

Thanks Orbit



Ken, here is my ESET log. Not sure if this was what you wanted, but it seemed to be all I could get.

 

C:\Program Files\EsetOnlineScanner\log.txt

 

C:\Qoobox\Quarantine\C\Documents and Settings\eric\Local Settings\Application Data\414171.exe.vir a variant of Win32/Kryptik.IOW trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\ahicenay.dll.vir a variant of Win32/Cimag.EH trojan cleaned by deleting - quarantined

 

thanks orbit


Hi,

 

Let's delete these two files, but leave them in the Recycle Bin. Reboot and make sure there is no problem; if there is, then you can restore them. I am sure they're not good.

C:\WINDOWS\Xhekoful.dat

C:\WINDOWS\Mpemabowinewunoz.bin

 

The two entries that ESET found were just backups of what ComboFix removed; we will clean all that out in a bit also.

 

Let me know how it went with those two files

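The point in the reply above is that an ESET hit under C:\Qoobox\Quarantine with a .vir extension is ComboFix's backup of something already removed, not a live file. As an added example (not ESET's or ComboFix's own code), the script below splits each line of an ESET log into path, threat name and action, and separates quarantine backups from live detections. The regular expression is built from the two line shapes on this page; the extra action phrases and the third sample line are assumptions constructed for the example.

```python
r"""
Triage an ESET Online Scanner log.txt (added example, not ESET's or ComboFix's
own code).  Splits each detection line into path / threat / action and classes
hits under C:\Qoobox\Quarantine with a .vir extension as ComboFix backups.
"""
import re

# Line shape seen in this thread: "<path> <threat name> <action>".  The action
# phrases are the one ESET printed here plus a few assumed alternatives.
ESET_LINE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+(?: \S+)*?)\s+"
    r"(?P<action>(?:cleaned by deleting|deleted|unable to clean|error while cleaning)"
    r"(?: - quarantined)?)$"
)


def is_combofix_backup(path):
    """ComboFix stores what it removed under \\Qoobox\\Quarantine, renamed with .vir."""
    p = path.lower().replace("/", "\\")
    return "\\qoobox\\quarantine\\" in p and p.endswith(".vir")


def parse_line(line):
    """Return a dict with path/threat/action/backup, or None if the line is not a detection."""
    m = ESET_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["backup"] = is_combofix_backup(rec["path"])
    return rec


def triage(log_text):
    """Return (parsed records, lines that did not parse) for a whole log."""
    records, unparsed = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec:
            records.append(rec)
        else:
            unparsed.append(line)
    return records, unparsed


def live_hits(records):
    """Detections that are not ComboFix backups, i.e. the ones still worth investigating."""
    return [r for r in records if not r["backup"]]


# Constructed sample: the two lines from the log above plus one made-up live hit
# (the third path and its detection are invented for the example).
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Documents and Settings\eric\Local Settings\Application Data\414171.exe.vir a variant of Win32/Kryptik.IOW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\ahicenay.dll.vir a variant of Win32/Cimag.EH trojan cleaned by deleting - quarantined
C:\Documents and Settings\example\Local Settings\Temp\sample.exe a variant of Win32/Kryptik.IOW trojan cleaned by deleting - quarantined
"""


if __name__ == "__main__":
    records, unparsed = triage(SAMPLE_LOG)
    for r in records:
        print("BACKUP" if r["backup"] else "LIVE  ", r["threat"], "->", r["path"])
    for line in unparsed:
        print("UNPARSED", line)
```

Anything classed as a backup is already gone from its original location and will disappear when the Qoobox folder is cleaned up; a "LIVE" hit is the only kind that should change the course of a cleanup.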

Sorry for the delay, missed the email notification that you replied.

 

Yes go ahead and clean out the Recycle Bin

 

Open OTL and click on Clean Up; it will remove most of the tools we used to clean your system along with their backups.


Keep in mind, if you install some of these programs: only ONE antivirus and only ONE firewall is recommended; more is overkill and can cause you problems. You can install all the spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot; you can still install Spybot Search and Destroy, but do not enable the TeaTimer.

 

Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

  • Spybot Search and Destroy 1.6

    Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.

  • WinPatrol: Keep this fine program activated to block a lot of threats.

  • Spyware Blaster: It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

  • Spyware Guard: It offers realtime protection from spyware installation attempts; again, no scan to run, just install it and let it do its thing.

  • IE-Spyad

    IE-Spyad places over 6000 web sites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.

  • Firefox 3: It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, you can use them both.

 

Safe Surfn

Ken


As this topic appears to be resolved this thread is now closed.

 

Glad we could help.

 

Let me also take this opportunity to thank ken545 for picking up the thread when I had to leave.

 

Best wishes

JonTom
