OK...
Running scan now...very sweet program Boni
OTL logfile created on: 2/16/2012 6:20:51 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
959.00 Mb Total Physical Memory | 750.00 Mb Available Physical Memory | 78.00% Memory free
859.00 Mb Paging File | 773.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.71 Gb Total Space | 34.04 Gb Free Space | 65.82% Space Free | Partition Type: NTFS
Drive D: | 3.77 Gb Total Space | 3.41 Gb Free Space | 90.48% Space Free | Partition Type: NTFS
Drive I: | 4.18 Gb Total Space | 0.99 Gb Free Space | 23.57% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (itlperf)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2011/08/11 16:05:24 | 000,085,096 | -H-- | M] (Autodesk) [On_Demand] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011/06/24 11:30:44 | 000,034,856 | -H-- | M] (Retrogamer) [Auto] -- C:\Program Files\Retrogamer_2z\bar\1.bin\2zbarsvc.exe -- (Retrogamer_2zService)
SRV - [2011/04/27 14:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2004/12/27 09:59:30 | 000,036,864 | ---- | M] () [Auto] -- C:\Program Files\3COM\3Com Wireless 108 Mbps 11g USB Utility \lcs.exe -- (LCS)
SRV - [1999/12/31 19:00:00 | 000,014,336 | -H-- | M] (LSI Corporation) [Auto] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (vulfntrs)
DRV - File not found [Kernel | On_Demand] -- -- (vulfnths)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/04/19 07:43:59 | 000,015,890 | -H-- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2010/05/10 13:41:30 | 000,067,656 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/13 13:56:06 | 000,088,320 | -H-- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2005/10/20 14:00:04 | 000,243,328 | -H-- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2004/09/30 00:55:50 | 000,229,888 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/24 12:38:40 | 000,012,928 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/08/04 07:00:00 | 000,063,232 | -H-- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 07:00:00 | 000,055,936 | -H-- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/12/02 20:23:20 | 000,142,336 | -H-- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/18 18:58:20 | 000,036,992 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2003/07/02 13:42:00 | 000,027,904 | -H-- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/10/04 19:04:10 | 000,046,976 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/30 00:43:50 | 000,023,808 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [1999/12/31 19:00:00 | 003,644,032 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [1999/12/31 19:00:00 | 001,161,696 | -H-- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [1999/12/31 19:00:00 | 000,023,192 | -H-- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [1999/12/31 19:00:00 | 000,013,976 | -H-- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Compaq_Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
IE - HKU\Compaq_Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
IE - HKU\Compaq_Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
IE - HKU\Compaq_Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Compaq_Owner_ON_C\..\URLSearchHook: {1c583e40-0629-4bb9-ab68-1cf539f2f782} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrcAs.dll (Retrogamer)
IE - HKU\Compaq_Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@Retrogamer_2z.com/Plugin: C:\Program Files\Retrogamer_2z\bar\1.bin\NP2zStub.dll (Retrogamer)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/04/21 07:14:47 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/04/22 02:01:49 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2zffxtbr@Retrogamer_2z.com: C:\Program Files\Retrogamer_2z\bar\1.bin [2011/06/24 11:30:50 | 000,000,000 | -H-D | M]
Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (Search Assistant BHO) - {6ffed9d8-942f-4384-aa29-d3bd083a346a} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrcAs.dll (Retrogamer)
O2 - BHO: (Toolbar BHO) - {fc1e426b-fa76-428f-b680-86ef1edb13c1} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll (Retrogamer)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Retrogamer) - {54ba686e-738f-42fe-badd-d8cb7cfbc07e} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll (Retrogamer)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Compaq_Owner_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Compaq_Owner_ON_C\..\Toolbar\WebBrowser: (Retrogamer) - {54BA686E-738F-42FE-BADD-D8CB7CFBC07E} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll (Retrogamer)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LSBWatcher] C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Retrogamer_2z Browser Plugin Loader] C:\Program Files\Retrogamer_2z\bar\1.bin\2zbrmon.exe (Retrogamer)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UhUknMwmQEyg.exe] C:\Documents and Settings\All Users\Application Data\UhUknMwmQEyg.exe ()
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [WlanUI] C:\Program Files\3COM\3Com Wireless 108 Mbps 11g USB Utility \WlanUI.exe ()
O4 - HKU\.DEFAULT..\Run: [R8388QA8U8] File not found
O4 - HKU\Compaq_Owner_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Compaq_Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Compaq_Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Compaq_Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos...ineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/26 20:00:03 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - I:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 22:01:14 | 000,000,053 | -HS- | M] () - I:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/02/15 21:07:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2012/02/15 19:55:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/15 19:55:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\TestApp
[2012/02/15 19:55:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/02/15 19:28:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2012/02/15 12:50:52 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/15 12:30:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2012/02/15 12:30:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012/02/15 12:04:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012/02/15 12:04:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012/02/15 12:04:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012/02/15 12:04:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012/02/15 12:04:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012/02/15 12:04:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Symantec
[2012/02/15 12:04:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2012/02/15 12:04:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2012/02/15 12:04:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012/02/15 12:04:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2012/02/15 12:04:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012/02/15 12:04:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2012/02/15 12:04:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2012/02/15 12:04:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2012/02/15 12:04:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2012/02/15 12:04:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012/02/15 12:04:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012/02/15 12:04:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012/02/15 12:04:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/02/15 12:04:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2012/02/15 12:04:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2012/02/15 12:04:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/02/15 12:04:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012/02/15 12:04:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\WINDOWS
[2012/02/15 12:04:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012/02/15 12:04:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\SpySubtract Spyware Manager
[2012/02/15 12:04:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012/02/15 12:04:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\PC Help & Tools
[2012/02/15 12:04:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Online Services
[2012/02/15 12:04:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012/02/15 12:04:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012/02/15 12:01:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\System Check
[2012/02/14 11:43:31 | 000,000,000 | -H-D | C] -- C:\Program Files\av
[2012/02/14 11:41:14 | 000,763,824 | -H-- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.TaskPanel.v12.0.1.ocx
[2012/02/14 11:41:13 | 001,648,560 | -H-- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.Controls.v12.0.1.ocx
[2012/02/14 11:41:13 | 000,518,064 | -H-- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.SkinFramework.v12.0.1.ocx
[2012/02/14 11:41:12 | 002,111,408 | -H-- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.CommandBars.v12.0.1.ocx
[2012/02/14 11:41:11 | 002,410,416 | -H-- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.Calendar.v12.0.1.ocx
[2012/02/14 11:17:09 | 000,000,000 | -H-D | C] -- C:\Program Files\Business Objects
[2012/02/14 11:10:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/02/14 11:10:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\E2 Shop System 7.2
[2012/02/14 11:10:19 | 000,000,000 | -H-D | C] -- C:\Program Files\E2
[2012/02/14 11:10:18 | 000,557,328 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dao360.dll
[2012/02/14 11:10:11 | 000,089,360 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vb5db.dll
[2012/02/14 11:09:54 | 000,901,120 | -H-- | C] (Three |D| Graphics, Inc.) -- C:\WINDOWS\System32\sscsdk32.dll
[2012/02/14 11:09:54 | 000,079,872 | -H-- | C] (Seagate Software, Inc.) -- C:\WINDOWS\System32\S2SQLPRS.dll
[2012/02/14 11:09:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\CRYSTAL
[2012/02/14 11:09:53 | 000,270,336 | -H-- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\P2SODBC.DLL
[2012/02/14 11:09:53 | 000,171,008 | -H-- | C] (Seagate Software, Inc) -- C:\WINDOWS\System32\P2SOLEDB.DLL
[2012/02/14 11:09:53 | 000,140,288 | -H-- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\P2SSQL.DLL
[2012/02/14 11:09:53 | 000,061,440 | -H-- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\P2IRDAO.DLL
[2012/02/14 11:09:52 | 000,847,324 | -H-- | C] (Seagate Software, Inc.) -- C:\WINDOWS\System32\CRYSTL32.OCX
[2012/02/14 11:09:52 | 000,274,489 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\NTWDBLIB.DLL
[2012/02/14 11:09:52 | 000,094,208 | -H-- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\P2BDAO.DLL
[2012/02/14 11:09:52 | 000,053,248 | -H-- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\P2CTDAO.DLL
[2012/02/14 11:09:51 | 000,229,888 | -H-- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\System32\CRPAIG32.DLL
[2012/02/14 11:09:51 | 000,129,024 | -H-- | C] (Seagate Software, Inc) -- C:\WINDOWS\System32\P2SMON.DLL
[2012/02/14 11:09:48 | 005,797,888 | -H-- | C] (Seagate Software, Inc.) -- C:\WINDOWS\System32\CRPE32.DLL
[2012/02/14 11:09:47 | 000,323,584 | -H-- | C] (Sax Software Corporation.) -- C:\WINDOWS\System32\CSTEXT32.OCX
[2012/02/14 11:09:47 | 000,081,920 | -H-- | C] (Sax Software Corporation.) -- C:\WINDOWS\System32\CSMETE32.OCX
[2012/02/14 11:09:46 | 000,380,928 | -H-- | C] (Sax Software Corporation.) -- C:\WINDOWS\System32\CSCMD32.OCX
[2012/02/14 11:09:46 | 000,131,072 | -H-- | C] (Sax Software Corporation.) -- C:\WINDOWS\System32\QPRO32.dll
[2012/02/14 11:09:46 | 000,131,072 | -H-- | C] (Sax Software Corporation.) -- C:\WINDOWS\System32\CSCOMB32.OCX
[2012/02/14 11:09:45 | 000,345,544 | -H-- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\SSA3D30.OCX
[2012/02/14 11:09:45 | 000,200,704 | -H-- | C] (Micro Estimating Systems, Inc.) -- C:\WINDOWS\System32\TOOLS4MFG.DLL
[2012/02/14 11:09:45 | 000,176,128 | -H-- | C] (Inner Media, Inc.) -- C:\WINDOWS\System32\DZIP32.DLL
[2012/02/14 11:09:45 | 000,143,360 | -H-- | C] (Inner Media, Inc.) -- C:\WINDOWS\System32\DUNZIP32.DLL
[2012/02/14 11:09:45 | 000,073,728 | -H-- | C] (Inner Media, Inc) -- C:\WINDOWS\System32\DZOCX32.OCX
[2012/02/14 11:09:45 | 000,071,680 | -H-- | C] (Inner Media, Inc.) -- C:\WINDOWS\System32\DUZOCX32.OCX
[2012/02/14 11:09:44 | 000,640,512 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\OC30.dll
[2012/02/14 11:09:42 | 000,316,344 | -H-- | C] (Apex Software Corporation) -- C:\WINDOWS\System32\TDBGPP.DLL
[2012/02/14 11:09:40 | 000,832,448 | -H-- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\TDBG6.OCX
[2012/02/14 11:09:35 | 001,044,480 | -H-- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\ROBOEX32.DLL
[2012/02/14 11:09:35 | 000,124,688 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mswinsck.ocx
[2012/02/14 11:09:34 | 000,137,000 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2012/02/14 11:09:34 | 000,103,744 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMM32.OCX
[2012/02/14 11:09:33 | 001,392,640 | -H-- | C] (Synergration, Inc.) -- C:\WINDOWS\System32\QUICKIIFX.DLL
[2012/02/14 11:09:32 | 000,417,792 | -H-- | C] (ADDSoft, Inc.) -- C:\WINDOWS\System32\GanttOCX.ocx
[2012/02/14 11:09:28 | 000,102,469 | -H-- | C] (Microsoft) -- C:\WINDOWS\System32\VBPRNDLG.DLL
[2012/02/14 11:09:27 | 000,045,056 | -H-- | C] (Microsoft) -- C:\WINDOWS\System32\NTSVC.OCX
[2012/02/14 11:09:26 | 000,614,344 | -H-- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\Resizer.dll
[2012/02/14 11:09:26 | 000,136,648 | -H-- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\ResizableControl.dll
[2012/02/14 11:09:25 | 000,252,928 | -H-- | C] (VideoSoft) -- C:\WINDOWS\System32\VSOCX6.OCX
[2012/02/14 11:09:23 | 000,662,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2012/02/14 11:09:23 | 000,212,240 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RICHTX32.OCX
[2012/02/14 10:54:27 | 000,014,592 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/02/16 18:12:28 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/02/16 18:06:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/15 21:07:18 | 000,000,184 | -H-- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2012/02/15 20:55:08 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\Jxaw.job
[2012/02/15 20:00:43 | 000,000,413 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\spyware-doctor.exe.lnk
[2012/02/15 12:33:00 | 000,000,861 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/15 12:11:05 | 000,000,429 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/02/15 12:01:19 | 000,000,312 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~o0zUqp8XXlef4f
[2012/02/15 12:01:18 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~o0zUqp8XXlef4fr
[2012/02/15 12:01:16 | 000,000,843 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\System Check.lnk
[2012/02/15 12:01:11 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\o0zUqp8XXlef4f
[2012/02/15 12:01:05 | 000,353,280 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\o0zUqp8XXlef4f.exe
[2012/02/15 11:59:09 | 000,235,960 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/15 11:58:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\YoWindow
[2012/02/15 11:58:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/02/15 11:58:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/02/15 11:58:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Realtek Sound Manager
[2012/02/15 11:58:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/02/15 11:58:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Help & Tools
[2012/02/15 11:58:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Online Services
[2012/02/15 11:58:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works
[2012/02/15 11:58:08 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/02/15 11:58:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/02/15 11:58:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/02/15 11:58:07 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/02/15 11:58:07 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/02/15 11:58:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
[2012/02/15 11:52:55 | 000,446,976 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\UhUknMwmQEyg.exe
[2012/02/14 11:18:30 | 000,007,139 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\services
[2012/02/14 11:11:28 | 000,000,401 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Touchscr.lnk
[2012/02/14 11:11:01 | 000,000,060 | -H-- | M] () -- C:\WINDOWS\BLSDATA.INI
[2012/02/14 11:10:49 | 000,000,383 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\E2 Shop System 7.2.lnk
[2012/02/14 10:58:06 | 000,442,948 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/14 10:58:06 | 000,072,214 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/31 07:44:05 | 000,237,072 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/01/26 03:00:50 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/02/15 19:55:34 | 000,000,413 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\spyware-doctor.exe.lnk
[2012/02/15 12:33:00 | 000,000,861 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/15 12:04:22 | 000,001,632 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/02/15 12:04:22 | 000,000,779 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/15 12:04:22 | 000,000,742 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/02/15 12:04:22 | 000,000,079 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/02/15 12:04:21 | 000,002,235 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\Help and Support.lnk
[2012/02/15 12:04:21 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2012/02/15 12:04:20 | 000,001,599 | -H-- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/02/15 12:04:20 | 000,000,792 | -H-- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012/02/15 12:04:20 | 000,000,767 | -H-- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2012/02/15 12:04:20 | 000,000,738 | -H-- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2012/02/15 12:01:18 | 000,000,312 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~o0zUqp8XXlef4f
[2012/02/15 12:01:18 | 000,000,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~o0zUqp8XXlef4fr
[2012/02/15 12:01:16 | 000,000,843 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\System Check.lnk
[2012/02/15 12:01:11 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\o0zUqp8XXlef4f
[2012/02/15 12:01:05 | 000,353,280 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\o0zUqp8XXlef4f.exe
[2012/02/15 11:56:00 | 000,446,976 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\UhUknMwmQEyg.exe
[2012/02/14 11:11:28 | 000,000,401 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Touchscr.lnk
[2012/02/14 11:10:49 | 000,000,383 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\E2 Shop System 7.2.lnk
[2012/02/14 11:09:54 | 000,014,316 | -H-- | C] () -- C:\WINDOWS\System32\RULE1.LLR
[2012/02/14 11:09:54 | 000,006,664 | -H-- | C] () -- C:\WINDOWS\System32\RULE1.DFA
[2012/02/14 11:09:51 | 000,017,920 | -H-- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2012/02/14 11:09:31 | 000,342,910 | -H-- | C] () -- C:\WINDOWS\System32\VSTH_AE.THE
[2012/02/14 11:09:31 | 000,083,368 | -H-- | C] () -- C:\WINDOWS\System32\VSTHES6.OCX
[2012/02/14 11:09:30 | 000,173,472 | -H-- | C] () -- C:\WINDOWS\System32\VSSPELL6.OCX
[2012/02/14 11:09:29 | 001,344,475 | -H-- | C] () -- C:\WINDOWS\System32\VSSP_AE.DCT
[2012/02/14 11:09:28 | 000,001,768 | -H-- | C] () -- C:\WINDOWS\System32\VBPRNDLG.LIB
[2012/02/14 11:09:28 | 000,001,033 | -H-- | C] () -- C:\WINDOWS\System32\VBPRNDLG.EXP
[2012/02/14 11:09:28 | 000,000,118 | -H-- | C] () -- C:\WINDOWS\System32\VBPRNDLG.DEP
[2012/02/14 11:09:25 | 000,000,329 | -H-- | C] () -- C:\WINDOWS\System32\Resizer.dep
[2012/02/14 11:09:09 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\BLSDATA.INI
[2011/06/22 00:09:01 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/05/19 11:04:44 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/19 11:04:43 | 000,256,000 | -H-- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/19 11:04:43 | 000,098,816 | -H-- | C] () -- C:\WINDOWS\sed.exe
[2011/05/19 11:04:43 | 000,080,412 | -H-- | C] () -- C:\WINDOWS\grep.exe
[2011/05/19 11:04:43 | 000,068,096 | -H-- | C] () -- C:\WINDOWS\zip.exe
[2011/05/16 16:55:44 | 000,000,223 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\sett.dat
[2011/05/13 13:08:30 | 000,000,127 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/05/11 16:43:14 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/21 07:11:51 | 000,186,693 | -H-- | C] () -- C:\WINDOWS\hpwins24.dat
[2011/04/21 07:11:51 | 000,001,758 | -H-- | C] () -- C:\WINDOWS\hpwmdl24.dat
[2011/04/19 07:57:13 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2011/04/19 07:44:06 | 000,142,768 | -H-- | C] () -- C:\WINDOWS\System32\ar5523.bin
[2011/04/19 07:40:42 | 000,000,164 | -H-- | C] () -- C:\WINDOWS\avrack.ini
[2011/04/19 07:40:36 | 000,156,672 | -H-- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2011/04/19 07:40:36 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/04/19 07:25:28 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2005/12/21 17:57:36 | 000,139,264 | -H-- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2005/12/21 17:57:04 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005/12/21 17:54:34 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2004/11/17 06:10:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/11/17 06:09:59 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/11/17 06:09:03 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/11/17 06:08:35 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/11/17 05:48:01 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/11/17 05:48:01 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/11/17 05:47:59 | 000,004,490 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/11/17 05:47:55 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/11/17 05:47:51 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/10/27 16:57:22 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/26 21:46:37 | 000,118,784 | RH-- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2004/10/26 21:45:58 | 000,013,949 | -H-- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/26 21:45:50 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/26 21:19:17 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/26 21:07:27 | 000,001,040 | -H-- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/10/26 21:02:35 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/10/26 21:02:35 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/10/26 21:02:35 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/10/26 20:33:02 | 000,299,073 | -H-- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/26 20:33:02 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/26 20:32:36 | 000,016,896 | -H-- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/26 20:04:20 | 000,000,802 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/26 20:02:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/26 19:57:30 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/26 19:44:44 | 000,000,572 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/26 19:44:04 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/26 19:44:01 | 000,442,948 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/26 19:44:01 | 000,072,214 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/26 12:51:40 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/26 12:50:42 | 000,235,960 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/17 16:37:42 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/20 05:14:46 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 05:14:46 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/11 01:04:00 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
========== LOP Check ==========
[2004/10/26 22:12:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2012/02/15 19:55:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\TestApp
[2011/08/11 15:55:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Autodesk
[2004/10/26 22:12:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2011/06/16 10:14:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\whitesmoketoolbar
[2011/10/02 11:25:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\YoWindow
[2011/05/16 11:24:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
[2011/08/11 16:06:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/06/24 11:31:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap Web Player
[2012/02/15 20:00:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/16 10:56:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\YoWindow
[2012/02/15 20:55:08 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\Tasks\Jxaw.job
[2012/02/16 18:12:28 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
duplicate
sorry posted twice
Do this on the computer you are posting from:
Copy the text in the codebox below:
Open Notepad and paste it.
Code:
:OTL
SRV - File not found [Auto] -- -- (itlperf)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
SRV - [2011/06/24 11:30:44 | 000,034,856 | -H-- | M] (Retrogamer) [Auto] -- C:\Program Files\Retrogamer_2z\bar\1.bin\2zbarsvc.exe -- (Retrogamer_2zService)
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (Search Assistant BHO) - {6ffed9d8-942f-4384-aa29-d3bd083a346a} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrcAs.dll (Retrogamer)
O2 - BHO: (Toolbar BHO) - {fc1e426b-fa76-428f-b680-86ef1edb13c1} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll (Retrogamer)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Retrogamer) - {54ba686e-738f-42fe-badd-d8cb7cfbc07e} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll (Retrogamer)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Compaq_Owner_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Compaq_Owner_ON_C\..\Toolbar\WebBrowser: (Retrogamer) - {54BA686E-738F-42FE-BADD-D8CB7CFBC07E} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll (Retrogamer)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Retrogamer_2z Browser Plugin Loader] C:\Program Files\Retrogamer_2z\bar\1.bin\2zbrmon.exe (Retrogamer)
O4 - HKLM..\Run: [UhUknMwmQEyg.exe] C:\Documents and Settings\All Users\Application Data\UhUknMwmQEyg.exe ()
O4 - HKU\.DEFAULT..\Run: [R8388QA8U8] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Compaq_Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2012/02/15 12:01:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\System Check
[2012/02/15 20:55:08 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\Jxaw.job
[2012/02/15 12:33:00 | 000,000,861 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/15 12:01:19 | 000,000,312 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~o0zUqp8XXlef4f
[2012/02/15 12:01:18 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~o0zUqp8XXlef4fr
[2012/02/15 12:01:16 | 000,000,843 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\System Check.lnk
[2012/02/15 12:01:11 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\o0zUqp8XXlef4f
[2012/02/15 12:01:05 | 000,353,280 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\o0zUqp8XXlef4f.exe
[2012/02/15 11:52:55 | 000,446,976 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\UhUknMwmQEyg.exe
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
:Services
:Reg
:Files
:Commands
[purity]
Save the document as Fix.txt onto a USB flash drive.
On the infected computer, do the following...
Run OTLPE
- Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
- (The content of Fix.txt should appear in the box)
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post the log produced (you'll need to transfer it with USB stick)
- Remove the CD and shut down computer manually.
- Attempt to reboot normally into Windows.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\itlperf deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Retrogamer_2zService deleted successfully.
C:\Program Files\Retrogamer_2z\bar\1.bin\2zbarsvc.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-af6c-4c50-9def-f2e24f4c8889}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ deleted successfully.
C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6ffed9d8-942f-4384-aa29-d3bd083a346a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ffed9d8-942f-4384-aa29-d3bd083a346a}\ deleted successfully.
C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrcAs.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc1e426b-fa76-428f-b680-86ef1edb13c1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc1e426b-fa76-428f-b680-86ef1edb13c1}\ deleted successfully.
C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{52794457-af6c-4c50-9def-f2e24f4c8889} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ not found.
File C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{54ba686e-738f-42fe-badd-d8cb7cfbc07e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54ba686e-738f-42fe-badd-d8cb7cfbc07e}\ deleted successfully.
File C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll not found.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\Compaq_Owner_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\Compaq_Owner_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{54BA686E-738F-42FE-BADD-D8CB7CFBC07E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54BA686E-738F-42FE-BADD-D8CB7CFBC07E}\ not found.
File C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Retrogamer_2z Browser Plugin Loader deleted successfully.
C:\Program Files\Retrogamer_2z\bar\1.bin\2zbrmon.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UhUknMwmQEyg.exe deleted successfully.
C:\Documents and Settings\All Users\Application Data\UhUknMwmQEyg.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\R8388QA8U8 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\Compaq_Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Starting removal of ActiveX control {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_USERS\Compaq_Owner_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\Compaq_Owner_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\System Check folder moved successfully.
C:\WINDOWS\tasks\Jxaw.job moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\~o0zUqp8XXlef4f moved successfully.
C:\Documents and Settings\All Users\Application Data\~o0zUqp8XXlef4fr moved successfully.
C:\Documents and Settings\Compaq_Owner\Desktop\System Check.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\o0zUqp8XXlef4f moved successfully.
C:\Documents and Settings\All Users\Application Data\o0zUqp8XXlef4f.exe moved successfully.
File C:\Documents and Settings\All Users\Application Data\UhUknMwmQEyg.exe not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
OTLPE by OldTimer - Version 3.1.48.0 log created on 02162012_195132
Okay, booted into Windows normally and not much happening. Red desktop, no icons, but the SUPERAntiSpyware symbol is there, that and saying wireless network detected. Click on Start and nothing is there.
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
- NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
* Rkill.com
* Rkill.scr
* Rkill.exe
- Double-click on the Rkill icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Combofix won't run, boots every time got to restore point. Tried in safe mode and ran Rkill also, then ran Combofix and still boots. Here is the Rkill log:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 02/15/2012 at 12:08:14.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
Rkill completed on 02/15/2012 at 12:08:19.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 02/15/2012 at 12:49:26.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
C:\Documents and Settings\All Users\Application Data\UhUknMwmQEyg.exe
C:\Documents and Settings\All Users\Application Data\o0zUqp8XXlef4f.exe
Rkill completed on 02/15/2012 at 12:49:33.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 02/17/2012 at 5:23:45.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
Rkill completed on 02/17/2012 at 5:23:50.
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
===========================================================
Download BTKR_RunBox to your desktop.
Double click on downloaded BTKR_RunBox.exe file.
Small RunBox DOS window will open.
Press any key to continue.
Press "1" to select "Run a scan with Bootkit Remover" option.
Press "Enter".
Press "Enter" one more time to generate log.
Click OK, IF any "Warning" message pops up.
Notepad will open with Bootkit Remover log.
Copy the content and post it in your next reply.
In RunBox press "4" then Enter to exit it.
NOTE. In case you lost the log it's also located on your desktop as "scan.txt"
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-17 17:48:46
-----------------------------
17:48:46.812 OS Version: Windows 5.1.2600 Service Pack 3
17:48:46.812 Number of processors: 1 586 0xA00
17:48:46.812 ComputerName: SHOP UserName:
17:48:47.218 Initialize success
17:49:13.125 AVAST engine download error: 0
17:49:27.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
17:49:27.500 Disk 0 Vendor: WDC_WD600BB-22JHA0 05.01C05 Size: 57241MB BusType: 3
17:49:27.515 Disk 0 MBR read successfully
17:49:27.515 Disk 0 MBR scan
17:49:27.515 Disk 0 unknown MBR code
17:49:27.515 Disk 0 Partition 1 00 0B FAT32 RECOVERY 4289 MB offset 63
17:49:27.531 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 52949 MB offset 8784720
17:49:27.531 Disk 0 scanning sectors +117225360
17:49:27.593 Disk 0 scanning C:\WINDOWS\system32\drivers
17:49:34.593 Service scanning
17:49:35.734 Modules scanning
17:49:43.812 Disk 0 trace - called modules:
17:49:43.828 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
17:49:44.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8638aab8]
17:49:44.328 3 CLASSPNP.SYS[f77affd7] -> nt!IofCallDriver -> \Device\00000065[0x863663b8]
17:49:44.328 5 ACPI.sys[f7726620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-12[0x8633c940]
17:49:44.328 Scan finished successfully
17:50:06.156 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
17:50:06.156 The log file has been saved successfully to "J:\aswMBR.txt"
BTKR not cooperating.
Keeps saying press any key to continue.
Download Bootkit Remover to your Desktop.
- Unzip downloaded file to your Desktop.
- Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
- It will show a Black screen with some data on it.
- Right click on the screen and click Select All.
- Press CTRL+C
- Open a Notepad and press CTRL+V
- Post the output back here.