Author Topic: Office PC problem!

wedzmer (Newbie, Posts: 29, http://wedzmer.darkbb.com)
Office PC problem!
« on: October 09, 2009, 09:54:08 AM »
I have a PC in my office, and I'm experiencing major problems.

One of which is that my ESET antivirus is not updated anymore. DAMN!
Second, my PC is infected with a virus or whatever it is, and it's bugging my PC over and over! I can't find my Folder Options anymore because they got lost... and I can't click the RUN button in my Start menu because it's missing. When I press and hold the Windows key on my keyboard and the R key, there's a pop-up that says: ERROR PLEASE CONTACT PC ADMINISTRATOR. But I'm the Administrator! lol

Here's what HijackThis produced when I ran HijackThis.exe on my PC.
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:49 madforelmo, on 10/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\user\Bluebirds\BlueBirds.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [autoMe] wscript.exe "C:\WINDOWS\samok.vbs"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [bluebirds] C:\Documents and Settings\user\Bluebirds\BlueBirds.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 6680 bytes

Hope you could somehow help me...

And by the way, I don't have an internet connection on that PC; that's why I can't update my antivirus anymore... so I'm basically saving your replies to my flash drive and using them when I get back.

Thanks!
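A helper reading the log above circles a handful of lines by eye: a Run entry that launches a script host (`O4 - HKLM\..\Run: [autoMe] wscript.exe "C:\WINDOWS\samok.vbs"`), a policy value that locks the user out of regedit (`O7 ... DisableRegedit=1`), and a scan timestamp whose AM/PM marker has been replaced (`Scan saved at 2:53:49 madforelmo`, the same token that later shows up next to the taskbar clock). The OTL log posted further down in the thread adds a fourth: a service (`NOD32FiXTemDono`) whose image path is the stock Windows tool `regedt32.exe`. The script below is an added example, not a tool from this thread or from the HijackThis/OTL authors; it applies those four checks to the log text. The rule names, the lists of script hosts, stock tools and policy values, and the line patterns are the editor's own choices (NoRun/NoFolderOptions are assumptions about what hid the Run button and Folder Options; the posted log only shows DisableRegedit). The sample lines are excerpts copied from the logs posted in this thread, mixed into one string so a single call exercises every rule.

```python
"""Triage heuristics for HijackThis / OTL text logs.

Added example for this thread, not a tool from it: it flags the patterns a
helper would circle by hand in the logs posted above.
"""
import re

# Vendors almost never register a bare script host as a Run entry.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe"}
# Stock Windows tools that have no business being a service's image path.
STOCK_TOOLS = {"regedit.exe", "regedt32.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# Policy values malware sets to lock the user out of the system.
# NoRun / NoFolderOptions are assumptions about the thread's missing Run button
# and Folder Options; the posted log itself only shows DisableRegedit.
RESTRICTION_POLICIES = {"DisableRegedit", "DisableTaskMgr", "DisableCMD",
                        "NoRun", "NoFolderOptions"}

# "Scan saved at 2:53:49 PM, on 10/5/2009": the token after the time is the
# user's AM/PM designator (s1159/s2359 under HKCU\Control Panel\International),
# so anything other than AM/PM means those locale strings were changed.
SCAN_TIME_RE = re.compile(r"^Scan saved at \d{1,2}:\d{2}:\d{2} (?P<ampm>\S+), on ")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O7_RE = re.compile(r"^O7 - (?P<key>[^,]+), (?P<value>\w+)=(?P<data>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<company>.*?) - (?P<path>.*)$")
# OTL service line: SRV - [date | size | attrs | M] (Company) -- path -- (Name [Start | State])
SRV_RE = re.compile(r"^SRV - \[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.*?) -- \((?P<name>\S+) \[")
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)\b', re.IGNORECASE)


def exe_basename(command):
    """Lower-cased file name of the program a command line or image path runs.

    Matching up to the first ".exe" keeps unquoted paths that contain spaces
    intact (paths under Program Files) and drops any arguments that follow.
    """
    command = command.strip()
    m = EXE_RE.match(command)
    token = m["exe"] if m else command.split(" ", 1)[0]
    return token.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return a list of (rule, detail) findings for one HijackThis or OTL log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SCAN_TIME_RE.match(line)
        if m:
            if m["ampm"].upper() not in ("AM", "PM"):
                findings.append(("tampered-time-format", m["ampm"]))
            continue
        m = O4_RE.match(line)
        if m:
            if exe_basename(m["cmd"]) in SCRIPT_HOSTS:
                findings.append(("script-host-autorun", m["name"] + ": " + m["cmd"]))
            continue
        m = O7_RE.match(line)
        if m:
            if m["value"] in RESTRICTION_POLICIES and m["data"] != "0":
                findings.append(("restriction-policy",
                                 m["key"] + "\\" + m["value"] + "=" + m["data"]))
            continue
        m = O23_RE.match(line) or SRV_RE.match(line)
        if m and exe_basename(m["path"]) in STOCK_TOOLS:
            findings.append(("service-runs-stock-tool", m["name"] + " -> " + m["path"]))
    return findings


# Excerpts copied from the HijackThis and OTL logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:49 madforelmo, on 10/5/2009
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [autoMe] wscript.exe "C:\WINDOWS\samok.vbs"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
SRV - [2008/04/14 08:00:00 | 00,003,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono [Auto | Stopped])
"""

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:25} {detail}")
```

Run it against a saved log (`triage(open("hijackthis.log").read())`) to get the short list worth asking about; the benign lines (the ESET GUI autorun, the ESET service) produce nothing, which is the point of a triage pass rather than a dump of every entry.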

guestolo (Site Donator, Administrator, Hero Member, Posts: 16034)
« Reply #1 on: October 09, 2009, 10:07:43 AM »
I'm just on my way to work; in the meantime, can you do the following:

Download ATF Cleaner by Atribune and save it to your Desktop.

Double-click ATF-Cleaner.exe to run it.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
*Prefetch (Windows XP) only.
Java Cache

The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit from the Main menu

Download Malwarebytes' Anti-Malware from Here or Here
Save the installer to your desktop

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

After you post that log, can you next do the following
Download ComboFix from one of these locations:

Link 1
Link 2
Save it ONLY to your Desktop

      --------------------------------------------------------------------
Temporarily disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool.
  • Double-click on ComboFix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, it will produce a log for you. Please include C:\ComboFix.txt in your next reply.

NOTE: Do not mouse-click inside the ComboFix window while it's running; it may cause it to stall.
ComboFix may run again on startup; it will prompt that it's creating a log.
This process could take up to 10 minutes; let it run uninterrupted please.

Make sure to post back all of the following:
ComboFix report
Log from MBAM
A fresh HijackThis log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


wedzmer (Newbie, Posts: 29)
« Reply #2 on: October 09, 2009, 11:56:57 AM »
Quote from guestolo (Oct 9 2009, 10:07 AM):
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

About this part...

Is there, by any chance, a way I could download the update here and put it on my USB flash drive? Because I don't have internet access in my office, and the problem I'm asking for help with in this post is for the PC I'm using in my office...

guestolo (Site Donator, Administrator, Hero Member, Posts: 16034)
« Reply #3 on: October 09, 2009, 07:50:26 PM »
Am I to understand you don't need a hand?
Run the above and post the appropriate logs.
Guaranteed your flash drives are infected also.

EDIT>> Sorry about the reply I struck out; I think I misread your last response.
I think what's going on is your flash drive is probably infected.
Which computer are you using now, and have you used this flash drive on the computer you're posting with also?

Back to the PC at work:
You will probably not be able to update Malwarebytes either.
Can you manually download the updates and run the updater after you have Malwarebytes installed?
MBAM Manual update

As for ComboFix:
You can run it without installing the Recovery Console; it will most likely run in a limited state, however.
To take full effect of ComboFix, you can manually install the Recovery Console.
Go to the following link:
http://support.microsoft.com/kb/310994

At that page, scroll down and click on the appropriate download for your version of Windows XP (Home or Professional) and the service pack level that you have installed. When you click on the link to download the file, make sure you save it directly to your desktop. If you are using Windows XP Service Pack 3 (SP3), then select the Service Pack 2 download. If you are using Windows XP Media Center, then you should select the Windows XP Pro Service Pack 2 download. If you are unsure what version of Windows you have and what Service Pack is installed, you can follow these instructions to gain that information.
Go to START>>RUN>>type in winver

Once the Microsoft file has finished downloading, put it and ComboFix directly on the OFFICE PC desktop. You should then drag the file on top of the ComboFix icon and let your mouse button go. This is shown in the following image.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless required.

Once the Windows Recovery Console has finished installing, ComboFix will open a prompt stating that it was installed and asking if you would like to proceed with scanning your computer. If you wish to continue, then press the Yes button and continue with the previous instructions I posted in my last reply.
« Last Edit: October 10, 2009, 10:07:50 AM by guestolo »



wedzmer (Newbie, Posts: 29)
« Reply #4 on: October 11, 2009, 11:41:13 AM »
Quote from guestolo (Oct 9 2009, 07:50 PM):
I think what's going on is your flash drive is probably infected.
Which computer are you using now, and have you used this flash drive on the computer you're posting with also?

Right now I'm using my HOME PC, and every instruction you give me here, I save it and do the actions when I get to work.
And yes, I believe my flash drive does get infected every time I put it in my Office PC; that's why I always scan it on my Home PC before I use it here. And for that very reason I have two (2) anti-virus programs working here on my HOME PC just to be sure this PC won't get infected with the problems my OFFICE PC is encountering.

I actually asked for help with my flash disk here on the site. I don't know if you have seen my other post; it's titled RECYCLER???

Quote from guestolo (Oct 9 2009, 07:50 PM):
At that page, scroll down and click on the appropriate download for your version of Windows XP (Home or Professional) and the service pack level that you have installed. When you click on the link to download the file, make sure you save it directly to your desktop. If you are using Windows XP Service Pack 3 (SP3), then select the Service Pack 2 download. If you are using Windows XP Media Center, then you should select the Windows XP Pro Service Pack 2 download. If you are unsure what version of Windows you have and what Service Pack is installed, you can follow these instructions to gain that information.

Go to START>>RUN>>type in winver

I can't get to that instruction anymore on my OFFICE PC because the RUN button in the Start menu is missing.

Is there any other way of knowing what service pack is installed on my OFFICE PC?
« Last Edit: October 11, 2009, 11:53:13 AM by wedzmer »

guestolo (Site Donator, Administrator, Hero Member, Posts: 16034)
« Reply #5 on: October 12, 2009, 11:28:11 AM »
If you right-click on "My Computer" and select Properties,
the info you need should be under the General tab.

Don't forget to transfer all files/tools to the Desktop of the computer.
Leave your flash drive plugged into the computer at work when doing your scan with ComboFix.
« Last Edit: October 12, 2009, 11:29:43 AM by guestolo »



wedzmer (Newbie, Posts: 29)
« Reply #6 on: October 21, 2009, 10:57:06 AM »
Quote from guestolo (Oct 12 2009, 11:28 AM):
If you right-click on "My Computer" and select Properties,
the info you need should be under the General tab.

Don't forget to transfer all files/tools to the Desktop of the computer.
Leave your flash drive plugged into the computer at work when doing your scan with ComboFix.

I'll do this as soon as I go to work...

But your last procedure actually fixed the missing Folder Options and Run button in the Start menu..

But there is still this thing I see below, in the taskbar. In the right corner you can see the clock and the time, right? But there's this "madforelmo" written after it, as if it's some sort of malware or virus or whatever it is...

guestolo (Site Donator, Administrator, Hero Member, Posts: 16034)
« Reply #7 on: October 21, 2009, 11:33:44 PM »
Quote from wedzmer:
But your last procedure actually fixed the missing Folder Options and Run button in the Start menu..
What last procedure?



wedzmer (Newbie, Posts: 29)
« Reply #8 on: October 25, 2009, 10:49:49 AM »
Quote from guestolo (Oct 21 2009, 11:33 PM):
What last procedure?

The ComboFix. But I still have that "madforelmo" written/showing beside the clock in my taskbar, and if I hide my clock, it hides along with it...

Anyway, I have some logs which I will upload here, the ones I ran on my Office PC. Hope you check them out for me...

OTL logfile created on: 10/22/2009 3:32:21 madforelmo - Run 3
OTL by OldTimer - Version 3.0.18.4     Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.23 Mb Total Physical Memory | 632.30 Mb Available Physical Memory | 62.34% Memory free
2.38 Gb Paging File | 2.16 Gb Available in Paging File | 90.57% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 10.25 Gb Free Space | 52.49% Space Free | Partition Type: NTFS
Drive D: | 57.12 Gb Total Space | 53.78 Gb Free Space | 94.16% Space Free | Partition Type: NTFS
Drive E: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.84 Gb Total Space | 3.46 Gb Free Space | 90.23% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: OWNER-BBE8C8A7C
Current User Name: user
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2007/11/09 00:53:50 | 00,423,192 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/02/20 11:08:46 | 00,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008/09/09 03:39:24 | 16,851,968 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/02/20 11:06:58 | 01,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2007/11/09 00:52:22 | 01,274,600 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe
PRC - [2007/11/09 00:55:04 | 00,884,696 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe
PRC - [2008/03/03 18:06:00 | 01,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
PRC - [2008/07/03 07:38:24 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/10/09 22:34:14 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
 
========== Win32 Services (SafeList) ==========
 
SRV - [2007/11/09 00:53:50 | 00,423,192 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Running])
SRV - [2008/07/25 08:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 08:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/02/20 11:14:52 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2008/02/20 11:08:46 | 00,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2008/07/29 18:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/07/20 14:52:10 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 08:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 16:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/20 13:49:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Stopped])
SRV - [2006/11/10 19:18:02 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2008/07/29 16:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/04/14 08:00:00 | 00,003,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono [Auto | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/18 15:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
 
========== Driver Services (SafeList) ==========
 
DRV - [2008/02/20 11:01:30 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV - [2008/02/20 11:02:22 | 00,029,704 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\easdrv.sys -- (easdrv [System | Running])
DRV - [2008/02/20 11:11:16 | 00,033,800 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [System | Running])
DRV - [2008/04/14 08:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/09/26 18:01:00 | 00,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard [On_Demand | Stopped])
DRV - [2007/04/16 14:16:26 | 05,760,096 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2008/09/09 03:07:36 | 04,813,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/04/14 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/04/14 08:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/07/20 15:06:43 | 00,129,248 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman [Boot | Running])
DRV - [2009/07/20 15:06:47 | 00,043,008 | ---- | M] (Acronis) -- C:\WINDOWS\System32\DRIVERS\tifsfilt.sys -- (tifsfilter [Auto | Running])
DRV - [2009/07/20 15:06:47 | 00,454,688 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter [Boot | Running])
DRV - [2007/09/20 01:22:00 | 00,265,856 | ---- | M] (Marvell) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running])
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Searchme"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/20 13:46:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/20 13:49:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/26 13:16:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/20 15:00:32 | 00,000,000 | ---D | M]
 
[2009/08/26 13:16:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Extensions
[2009/08/26 13:16:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/26 13:16:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\5z0nd9br.default\extensions
[2009/07/20 14:53:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/20 14:53:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/28 13:21:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/04/23 21:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/23 21:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 21:38:33 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003/07/14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006/10/22 23:24:32 | 00,091,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/04/23 17:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 17:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 17:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 17:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 17:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/13 02:39:56 | 00,002,494 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\searchme.xml
[2009/04/23 17:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 17:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Quran_AR] C:\Program Files\Quran_AR\Quran_AR.exe (Search Truth Technologies)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [bluebirds] C:\Documents and Settings\user\Bluebirds\BlueBirds.exe (LG Electronics)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter:  - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/20 13:43:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/29 02:02:01 | 00,000,055 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0e82e442-7531-11de-b0c3-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{0e82e442-7531-11de-b0c3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0e82e442-7531-11de-b0c3-806d6172696f}\Shell\AutoRun\command - "" = E:\BlueBirds.exe -- [2009/04/29 02:02:01 | 00,270,336 | R--- | M] (LG Electronics)
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[1 C:\WINDOWS\System32\*.tmp files]
[2009/10/19 14:28:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/22 15:08:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/10/21 15:11:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Macromedia
[2009/10/19 14:28:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2009/10/22 15:08:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Simply Super Software
[2009/09/23 12:57:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Windows Search
[2009/09/23 10:02:49 | 00,000,000 | ---D | C] -- C:\Program Files\Globe Broadband
[2009/10/19 14:28:27 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/20 16:18:40 | 00,000,000 | ---D | C] -- C:\Program Files\Quran_AR
[2009/10/05 14:53:38 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/22 15:08:33 | 00,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2009/10/22 15:32:09 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2009/10/22 15:27:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/22 15:23:01 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/22 15:22:39 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/22 15:22:39 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/22 15:22:39 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/22 15:22:39 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/22 15:22:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/22 15:22:35 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/10/22 15:22:18 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/22 15:21:57 | 04,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\user\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2009/10/22 15:08:50 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2009/10/22 15:08:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Simply Super Software
[2009/10/20 16:19:06 | 00,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/10/20 16:18:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\quran
[2009/10/19 14:28:28 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/19 14:28:27 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/19 14:26:41 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\user\Desktop\ATF-Cleaner.exe
[2009/09/29 14:39:41 | 00,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\wedzmer files
[2009/09/23 10:04:17 | 00,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/09/23 10:04:17 | 00,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/09/23 10:03:25 | 00,621,056 | R--- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2009/09/23 10:03:25 | 00,113,664 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2009/09/23 10:03:25 | 00,101,376 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2009/09/23 10:03:25 | 00,024,448 | R--- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
 
========== Files - Modified Within 30 Days ==========
 
[1 C:\WINDOWS\System32\*.tmp files]
[2009/10/22 15:27:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/22 15:25:58 | 00,000,264 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/22 15:23:04 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/22 15:13:46 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/22 15:13:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/22 15:08:51 | 00,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2009/10/21 23:56:56 | 04,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\user\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2009/10/21 23:46:52 | 03,351,153 | R--- | M] () -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2009/10/21 15:24:56 | 00,000,594 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Tank.lnk
[2009/10/21 15:24:49 | 00,000,741 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Butterfly Escape.lnk
[2009/10/21 15:21:20 | 00,071,040 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/21 15:01:11 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Microsoft Office Word 2003.lnk
[2009/10/21 09:03:10 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/10/21 07:48:39 | 00,258,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/20 16:18:40 | 00,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/10/20 15:20:23 | 00,000,594 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/20 15:20:23 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/10/19 08:54:47 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Microsoft Office Excel 2003.lnk
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/10 00:28:16 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\user\Desktop\ATF-Cleaner.exe
[2009/10/09 22:34:14 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2009/10/09 13:39:44 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/09 09:24:58 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/05 11:01:49 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Microsoft Office PowerPoint 2003.lnk
[2009/10/05 09:58:47 | 04,811,124 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2009/09/24 12:39:56 | 00,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009/09/23 10:03:43 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Globe Broadband.lnk
 
========== Files - No Company Name ==========
[2009/10/22 15:23:04 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/22 15:23:01 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/22 15:22:39 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/22 15:22:39 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/22 15:22:39 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/22 15:22:39 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/22 15:21:31 | 03,351,153 | R--- | C] () -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2009/10/22 15:08:51 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2009/10/22 15:08:50 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/10/22 15:08:50 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/10/22 15:08:50 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/10/22 15:08:50 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/10/21 15:24:56 | 00,000,594 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Tank.lnk
[2009/10/21 15:24:49 | 00,000,741 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Butterfly Escape.lnk
[2009/10/20 15:20:20 | 00,000,877 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/09/23 10:03:43 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Globe Broadband.lnk
[2009/08/28 14:16:03 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/08/26 15:03:26 | 00,071,040 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/26 13:22:58 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/26 12:56:34 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/20 15:01:21 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/20 14:59:54 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/07/20 14:59:52 | 02,045,459 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/07/20 14:59:52 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/20 14:59:52 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/20 14:59:51 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/07/20 14:59:50 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/20 14:59:50 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/07/20 14:29:17 | 04,811,124 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2009/07/20 14:19:16 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2009/07/20 14:05:02 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\user\Application Data\desktop.ini
[2009/07/20 13:38:05 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2009/07/20 13:38:04 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2009/07/20 13:38:04 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2009/07/20 06:28:08 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/04/14 08:00:00 | 00,000,594 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/04/14 08:00:00 | 00,000,264 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/02/20 11:11:16 | 00,033,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

ComboFix 09-10-20.03 - user 10/22/2009 15:23.1.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.656 [GMT -7:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\samok.vbs

.
(((((((((((((((((((((((((   Files Created from 2009-09-22 to 2009-10-22  )))))))))))))))))))))))))))))))
.

2009-10-22 22:08 . 2006-06-19 20:01   69632   ----a-w-   c:\windows\system32\ztvcabinet.dll
2009-10-22 22:08 . 2006-05-25 22:52   162304   ----a-w-   c:\windows\system32\ztvunrar36.dll
2009-10-22 22:08 . 2005-08-26 08:50   77312   ----a-w-   c:\windows\system32\ztvunace26.dll
2009-10-22 22:08 . 2003-02-03 03:06   153088   ----a-w-   c:\windows\system32\UNRAR3.dll
2009-10-22 22:08 . 2002-03-06 08:00   75264   ----a-w-   c:\windows\system32\unacev2.dll
2009-10-22 22:08 . 2009-10-22 22:09   --------   d-----w-   c:\program files\Trojan Remover
2009-10-22 22:08 . 2009-10-22 22:08   --------   d-----w-   c:\documents and settings\user\Application Data\Simply Super Software
2009-10-22 22:08 . 2009-10-22 22:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\Simply Super Software
2009-10-22 20:54 . 2009-10-22 20:54   --------   d-----w-   c:\documents and settings\Admin\Application Data\Media Player Classic
2009-10-22 20:44 . 2009-10-22 20:44   --------   d-----w-   c:\documents and settings\Admin\Bluebirds
2009-10-21 17:45 . 2009-10-21 17:45   --------   d-----w-   c:\documents and settings\Admin\Local Settings\Application Data\ESET
2009-10-21 16:59 . 2009-10-21 16:59   --------   d-----w-   c:\documents and settings\Admin\Application Data\DivX
2009-10-21 16:13 . 2009-10-21 16:13   --------   d-----w-   c:\documents and settings\Admin\Application Data\Winamp
2009-10-21 16:03 . 2009-10-21 16:03   71040   ----a-w-   c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 14:50 . 2009-10-21 14:50   --------   d-sh--w-   c:\documents and settings\Admin\PrivacIE
2009-10-20 23:19 . 2009-10-20 23:18   737280   ----a-w-   c:\windows\iun6002.exe
2009-10-20 23:18 . 2009-10-20 23:18   --------   d-----w-   c:\windows\system32\quran
2009-10-20 23:18 . 2009-10-20 23:19   --------   d-----w-   c:\program files\Quran_AR
2009-10-19 21:28 . 2009-10-19 21:28   --------   d-----w-   c:\documents and settings\user\Application Data\Malwarebytes
2009-10-19 21:28 . 2009-09-10 21:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 21:28 . 2009-10-20 18:41   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-10-19 21:28 . 2009-10-19 21:28   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-19 21:28 . 2009-09-10 21:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-10-05 21:53 . 2009-10-05 21:53   --------   d-----w-   c:\program files\Trend Micro
2009-09-23 20:27 . 2009-09-23 20:27   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-09-23 19:57 . 2009-09-23 19:57   --------   d-----w-   c:\documents and settings\user\Application Data\Windows Search
2009-09-23 17:04 . 2008-04-22 23:09   32384   -c--a-w-   c:\windows\system32\dllcache\usbccgp.sys
2009-09-23 17:04 . 2008-04-22 23:09   32384   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
2009-09-23 17:03 . 2008-09-27 01:01   621056   ----a-r-   c:\windows\system32\drivers\mod7700.sys
2009-09-23 17:03 . 2008-09-27 01:01   113664   ----a-r-   c:\windows\system32\drivers\ewusbnet.sys
2009-09-23 17:03 . 2008-09-27 01:01   101376   ----a-r-   c:\windows\system32\drivers\ewusbmdm.sys
2009-09-23 17:03 . 2008-09-27 01:00   24448   ----a-r-   c:\windows\system32\drivers\ewdcsc.sys
2009-09-23 17:02 . 2009-10-20 18:39   --------   d-----w-   c:\program files\Globe Broadband

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 22:21 . 2009-08-26 22:03   71040   ----a-w-   c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 22:50 . 2009-10-20 22:50   --------   d-----w-   c:\documents and settings\Admin\Application Data\Windows Desktop Search
2009-10-20 22:50 . 2009-10-20 22:50   --------   d-----w-   c:\documents and settings\Admin\Application Data\Malwarebytes
2009-10-20 18:19 . 2009-07-20 20:41   --------   d-----w-   c:\program files\Windows Media Connect 2
2009-10-20 18:19 . 2009-07-20 20:38   --------   d-----w-   c:\program files\Windows Desktop Search
2009-10-20 17:18 . 2009-07-20 21:52   --------   d-----w-   c:\program files\Google
2009-10-20 16:51 . 2009-07-20 21:54   --------   d-----w-   c:\program files\Blinque
2009-09-24 19:39 . 2009-09-02 23:32   10   ----a-w-   c:\windows\popcinfo.dat
2009-09-22 22:47 . 2009-07-20 21:52   --------   d-----w-   c:\documents and settings\user\Application Data\Winamp
2009-09-22 21:57 . 2009-07-20 21:55   --------   d-----w-   c:\program files\Common Files\Adobe
2009-09-08 19:53 . 2009-07-20 22:17   --------   d-----w-   c:\documents and settings\user\Application Data\Ahead
2009-09-02 22:44 . 2009-09-02 22:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\Genimo
2009-09-02 22:37 . 2009-09-02 22:37   --------   d-----w-   c:\documents and settings\user\Application Data\Genimo
2009-08-28 21:06 . 2009-08-28 21:06   --------   d-----w-   c:\documents and settings\user\Application Data\Media Player Classic
2009-08-28 00:19 . 2009-08-28 00:19   --------   d--h--w-   c:\documents and settings\All Users\Application Data\CanonIJEGV
2009-08-27 23:54 . 2009-08-27 23:51   --------   d-----w-   c:\program files\Canon
2009-08-27 23:53 . 2009-08-27 23:53   --------   d--h--w-   c:\documents and settings\All Users\Application Data\CanonBJ
2009-08-27 23:52 . 2009-08-27 23:52   --------   d--h--w-   c:\program files\CanonBJ
2009-08-27 21:11 . 2009-07-20 21:54   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-26 20:16 . 2009-08-26 20:16   0   ----a-w-   c:\windows\nsreg.dat
.

------- Sigcheck -------

[-] 2009-04-18 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-04-18 . C951DB3D9B6EF3CF4B82454D30A8BF59 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bluebirds"="c:\documents and settings\user\Bluebirds\BlueBirds.exe" [2009-04-29 270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-20 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe" [2007-11-09 1274600]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe" [2007-11-09 884696]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 1848648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Quran_AR"="c:\program files\Quran_AR\Quran_AR.exe" [2009-07-08 327680]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-08-04 1068424]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-09 16851968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2009-7-20 128000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/20/2008 11:11 b-b2g 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/20/2008 11:08 b-b2g 472320]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [4/14/2008 8:00 b-b2g 3584]
S3 abp470n5;abp470n5;

.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5z0nd9br.default\
FF - prefs.js: browser.search.selectedEngine - Searchme
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Winamp - c:\program files\Winamp\UninstWA.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-22 15:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\relog_ap.dll
.
Completion time: 2009-10-22 15:27
ComboFix-quarantined-files.txt  2009-10-22 22:27

Pre-Run: 11,099,721,728 bytes free
Post-Run: 10,985,598,976 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - FF3F0AA0A7D8D13E33F44E4684300291
« Last Edit: October 25, 2009, 12:21:21 PM by guestolo »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Office PC problem!
« Reply #9 on: October 25, 2009, 12:28:14 PM »
Download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the contents of the following codebox into the main textfield:
    Code: [Select]
    :reg
    HKEY_CURRENT_USER\Control Panel\International
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    :regfind
    madforelmo
    b-b2g
    samok.vbs

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: the log can also be found on your Desktop, named SystemLook.txt.

Edit>> Can you also do the following:
Copy ALL the text in the box below and paste it into Notepad.
Don't use anything other than Notepad, or the script will not work.

    Code: [Select]
    KillAll::
    Driver::
    abp470n5

Save this as a text file on your desktop with the exact name
CFScript

Drag CFScript.txt onto ComboFix.exe.
ComboFix will start; follow the prompts.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

When finished, it will produce a log for you with the same name, C:\ComboFix.txt.
Can I see that log again?

NOTE: You appear to be using a cracked version of NOD32; why would you go that route?
« Last Edit: October 25, 2009, 12:48:37 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline wedzmer

  • Newbie
  • *
  • Posts: 29
  • Karma: +0/-0
    • View Profile
    • http://wedzmer.darkbb.com
Office PC problem!
« Reply #10 on: October 26, 2009, 09:39:00 AM »
Quote from: guestolo on Oct 25 2009, 12:28 PM
download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double click on SystemLook.exe to Run it
  • Copy the contents of the following codebox into the main textfield:
    Code: [Select]
    :reg
    HKEY_CURRENT_USER\Control Panel\International
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    :regfind
    madforelmo
    b-b2g
    samok.vbs
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
here's the systemlook log file:

Code: [Select]
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 13:48 on 26/10/2009 by user (Administrator - Elevation successful)

========== reg ==========

[HKEY_CURRENT_USER\Control Panel\International]
"iCalendarType"="1"
"iCountry"="1"
"iCurrDigits"="2"
"iCurrency"="0"
"iDate"="0"
"iDigits"="2"
"iFirstDayOfWeek"="6"
"iFirstWeekOfYear"="0"
"iLZero"="1"
"iMeasure"="1"
"iNegCurr"="0"
"iNegNumber"="1"
"iTime"="0"
"iTimePrefix"="0"
"iTLZero"="0"
"Locale"="00000409"
"NumShape"="1"
"s1159"="b-b2g"
"s2359"="madforelmo"
"sCountry"="United States"
"sCurrency"="$"
"sDate"="/"
"sDecimal"="."
"sGrouping"="3;0"
"sLanguage"="ENU"
"sList"=","
"sLongDate"="dddd, MMMM dd, yyyy"
"sMonDecimalSep"="."
"sMonGrouping"="3;0"
"sMonThousandSep"=","
"sNativeDigits"="0123456789"
"sNegativeSign"="-"
"sPositiveSign"=""
"sShortDate"="M/d/yyyy"
"sThousand"=","
"sTime"=":"
"sTimeFormat"="h:mm:ss tt"

[HKEY_CURRENT_USER\Control Panel\International\Geo]


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore]
"BrowserFlags"= 0x0000000022 (34)
"ExplorerFlags"= 0x0000000021 (33)
@="Owned!"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\command]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\ddeexec]


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open]
"BrowserFlags"= 0x0000000010 (16)
"ExplorerFlags"= 0x0000000012 (18)
@="b-b2g"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\command]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\ddeexec]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe"
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon"
"egui"=""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice"
"Malwarebytes Anti-Malware (reboot)"=""C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript"
"Quran_AR"="C:\Program Files\Quran_AR\Quran_AR.exe"
"RTHDCPL"="RTHDCPL.EXE"
"SunJavaUpdateSched"=""C:\Program Files\Java\jre6\bin\jusched.exe""
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe /boot"
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]


========== regfind ==========

Searching for "madforelmo"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File1"="F:\Fixing Tools\madforelmo.JPG"
[HKEY_USERS\S-1-5-21-746137067-963894560-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File1"="F:\Fixing Tools\madforelmo.JPG"

Searching for "b-b2g"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open]
@="b-b2g"

Searching for "samok.vbs"
No data found.

-=End Of File=-
Quote from: guestolo on Oct 25 2009, 12:28 PM
Note: The log can also be found on your Desktop entitled SystemLook.txt

Edit>>Can you also do the following
Copy ALL the BLUE text below and Paste to notepad
Don't use anything else than notepad or the script will not work

KillAll::
Driver::
abp470n5

Save this as txtfile on your desktop, with the exact name of
CFScript

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the same name C:\ComboFix.txt..
Can I see that log again

here's the combofix log:

Code: [Select]
ComboFix 09-10-20.03 - user 10/26/2009 13:52.2.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.663 [GMT -7:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Created a new restore point
 * Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_abp470n5


(((((((((((((((((((((((((   Files Created from 2009-09-26 to 2009-10-26  )))))))))))))))))))))))))))))))
.

2009-10-25 16:29 . 2009-10-25 16:29 -------- d-----w- c:\documents and settings\Admin\Application Data\Genimo
2009-10-22 22:08 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-10-22 22:08 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-10-22 22:08 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-10-22 22:08 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-10-22 22:08 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-10-22 22:08 . 2009-10-22 22:09 -------- d-----w- c:\program files\Trojan Remover
2009-10-22 22:08 . 2009-10-22 22:08 -------- d-----w- c:\documents and settings\user\Application Data\Simply Super Software
2009-10-22 22:08 . 2009-10-22 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-10-22 20:54 . 2009-10-22 20:54 -------- d-----w- c:\documents and settings\Admin\Application Data\Media Player Classic
2009-10-22 20:44 . 2009-10-22 20:44 -------- d-----w- c:\documents and settings\Admin\Bluebirds
2009-10-21 17:45 . 2009-10-21 17:45 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\ESET
2009-10-21 16:59 . 2009-10-21 16:59 -------- d-----w- c:\documents and settings\Admin\Application Data\DivX
2009-10-21 16:13 . 2009-10-21 16:13 -------- d-----w- c:\documents and settings\Admin\Application Data\Winamp
2009-10-21 16:03 . 2009-10-21 16:03 71040 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 14:50 . 2009-10-21 14:50 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2009-10-20 23:19 . 2009-10-20 23:18 737280 ----a-w- c:\windows\iun6002.exe
2009-10-20 23:18 . 2009-10-20 23:18 -------- d-----w- c:\windows\system32\quran
2009-10-20 23:18 . 2009-10-20 23:19 -------- d-----w- c:\program files\Quran_AR
2009-10-19 21:28 . 2009-10-19 21:28 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-10-19 21:28 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 21:28 . 2009-10-20 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 21:28 . 2009-10-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-19 21:28 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-05 21:53 . 2009-10-05 21:53 -------- d-----w- c:\program files\Trend Micro

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 22:21 . 2009-08-26 22:03 71040 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 22:50 . 2009-10-20 22:50 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Desktop Search
2009-10-20 22:50 . 2009-10-20 22:50 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2009-10-20 18:39 . 2009-09-23 17:02 -------- d-----w- c:\program files\Globe Broadband
2009-10-20 18:19 . 2009-07-20 20:41 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-20 18:19 . 2009-07-20 20:38 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-20 17:18 . 2009-07-20 21:52 -------- d-----w- c:\program files\Google
2009-10-20 16:51 . 2009-07-20 21:54 -------- d-----w- c:\program files\Blinque
2009-09-24 19:39 . 2009-09-02 23:32 10 ----a-w- c:\windows\popcinfo.dat
2009-09-23 19:57 . 2009-09-23 19:57 -------- d-----w- c:\documents and settings\user\Application Data\Windows Search
2009-09-22 22:47 . 2009-07-20 21:52 -------- d-----w- c:\documents and settings\user\Application Data\Winamp
2009-09-22 21:57 . 2009-07-20 21:55 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-08 19:53 . 2009-07-20 22:17 -------- d-----w- c:\documents and settings\user\Application Data\Ahead
2009-09-02 22:44 . 2009-09-02 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Genimo
2009-09-02 22:37 . 2009-09-02 22:37 -------- d-----w- c:\documents and settings\user\Application Data\Genimo
2009-08-28 21:06 . 2009-08-28 21:06 -------- d-----w- c:\documents and settings\user\Application Data\Media Player Classic
2009-08-28 00:19 . 2009-08-28 00:19 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEGV
2009-08-27 23:54 . 2009-08-27 23:51 -------- d-----w- c:\program files\Canon
2009-08-27 23:53 . 2009-08-27 23:53 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-08-27 23:52 . 2009-08-27 23:52 -------- d--h--w- c:\program files\CanonBJ
2009-08-27 21:11 . 2009-07-20 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-26 20:16 . 2009-08-26 20:16 0 ----a-w- c:\windows\nsreg.dat
.

------- Sigcheck -------

[-] 2009-04-18 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-04-18 . C951DB3D9B6EF3CF4B82454D30A8BF59 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((   SnapShot@2009-10-22_22.25.58   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-26 20:56 . 2009-10-26 20:56 16384  c:\windows\temp\Perflib_Perfdata_7b4.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bluebirds"="c:\documents and settings\user\Bluebirds\BlueBirds.exe" [2009-04-29 270336]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-20 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe" [2007-11-09 1274600]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe" [2007-11-09 884696]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 1848648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Quran_AR"="c:\program files\Quran_AR\Quran_AR.exe" [2009-07-08 327680]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-08-04 1068424]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-09 16851968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2009-7-20 128000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/20/2008 11:11 b-b2g 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/20/2008 11:08 b-b2g 472320]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [4/14/2008 8:00 b-b2g 3584]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5z0nd9br.default\
FF - prefs.js: browser.search.selectedEngine - Searchme
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-26 13:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2400)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\combofix\CF23559.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-26 13:58 - machine was rebooted
ComboFix-quarantined-files.txt  2009-10-26 20:58
ComboFix2.txt  2009-10-22 22:27

Pre-Run: 10,953,187,328 bytes free
Post-Run: 10,845,507,584 bytes free

- - End Of File - - E4FC4496EF4AF7258619DB314CF5D9BE

Quote from: guestolo on Oct 25 2009, 12:28 PM
NOTE: You appear to be using a Cracked version of Nod32, why would you go that route?

I don't know anything about those cracked versions.... when they issued me the PC.. the NOD32 was already installed there... what do you suggest?

Offline guestolo

Office PC problem!
« Reply #11 on: October 26, 2009, 10:07:26 AM »
Before we proceed, just remind me please
Did you say earlier that this computer has no Online access

Was it just not getting online earlier and can now?
Or is it set up to never be online?
« Last Edit: October 26, 2009, 10:07:44 AM by guestolo »



Offline wedzmer

Office PC problem!
« Reply #12 on: October 26, 2009, 12:48:38 PM »
Quote from: guestolo on Oct 26 2009, 10:07 AM
Before we proceed, just remind me please
Did you say earlier that this computer has no Online access

Was it just not getting online earlier and can now?
Or is it set up to never be online?

Yes, this computer has no online access because they removed our internet connection in the office... but we had internet access before.. it's been more than a month or so since it was disconnected.

Offline guestolo

Office PC problem!
« Reply #13 on: October 26, 2009, 02:17:23 PM »
Let's do the following please
Let's remove all older versions of Sun Java
If you get this computer back online, you will want to visit Java's website and install the latest
Access your Add and Remove programs and remove
Java(tm) 6 Update 13
Java(tm) 6 Update 3


In addition: Uninstall the Entry for Google Toolbar
As you're not online, it's not needed and looks corrupt

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below
    Quote
    :OTL
    SRV - [2009/07/20 14:52:10 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
    SRV - [2009/07/20 13:49:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
    FF - prefs.js..browser.search.selectedEngine: "Searchme"
    FF - prefs.js..extensions.enabledItems: [email protected]:1.7
    [2009/08/28 13:21:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
    [2009/03/13 02:39:56 | 00,002,494 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\searchme.xml
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Malwarebytes Anti-Malware (reboot)"=-
    [HKEY_CURRENT_USER\Control Panel\International]
    "s1159"="AM"
    "s2359"="PM"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open]
    @=-

    :Commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, please post the log that OTL produces

Let me know how things are now running

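As an added example (not SystemLook's, OTL's or the thread's own code), here is a small Python parser for the ":reg" section of the SystemLook log posted in Reply #10 that flags the two indicators the OTL fix above resets: the s1159/s2359 time markers replaced by "b-b2g"/"madforelmo", and the renamed (Default) captions of the Folder explore/open shell verbs. The two log excerpts embedded in it are constructed from the values shown in this thread, not copied logs.

```python
"""Flag the registry tampering seen in this thread in a SystemLook ':reg' dump:
the AM/PM markers (s1159/s2359) under the user's International key overwritten
with junk, and the (Default) caption of the Folder shell verbs (explore/open) renamed."""
import re

# Constructed excerpt modelled on the SystemLook log posted above (not the full log).
INFECTED_LOG = r"""========== reg ==========
[HKEY_CURRENT_USER\Control Panel\International]
"s1159"="b-b2g"
"s2359"="madforelmo"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore]
"BrowserFlags"= 0x0000000022 (34)
@="Owned!"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open]
@="b-b2g"
========== regfind ==========
Searching for "b-b2g"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open]
@="b-b2g"
"""

# Constructed: the same keys after the thread's OTL fix (AM/PM restored, @ cleared).
CLEAN_LOG = r"""========== reg ==========
[HKEY_CURRENT_USER\Control Panel\International]
"s1159"="AM"
"s2359"="PM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open]
@=""
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:@|"([^"]+)")=\s*(.*)$')  # group 1 is None for the (Default) value
INTL_KEY = r"HKEY_CURRENT_USER\Control Panel\International"
FOLDER_VERBS = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore",
                r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open")
TIME_MARKERS = {"s1159": "AM", "s2359": "PM"}  # en-US defaults, as restored by the OTL fix


def parse_reg_section(text):
    """Return {key_path: {value_name: raw_data}} from the ':reg' section only."""
    keys, current, in_reg = {}, None, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("=========="):
            in_reg = line == "========== reg =========="  # skip regfind and later sections
            continue
        if not in_reg or not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            keys.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            keys[current][val.group(1) or "@"] = val.group(2)
    return keys


def strip_quotes(raw):
    """'"abc"' -> 'abc'; unquoted data such as '0x0000000022 (34)' is returned as-is."""
    return raw[1:-1] if len(raw) >= 2 and raw[0] == raw[-1] == '"' else raw


def find_indicators(keys):
    """Return (key, value_name, actual_data, why) for every indicator present."""
    findings = []
    intl = keys.get(INTL_KEY, {})
    for name, expected in TIME_MARKERS.items():
        actual = strip_quotes(intl.get(name, '""'))  # a missing marker counts as tampered too
        if actual != expected:
            findings.append((INTL_KEY, name, actual, f"expected {expected!r}"))
    for key in FOLDER_VERBS:
        default = keys.get(key, {}).get("@")
        if default is not None and strip_quotes(default):  # stock XP leaves it unset/empty
            findings.append((key, "@", strip_quotes(default), "shell verb caption renamed"))
    return findings


if __name__ == "__main__":
    for key, name, actual, why in find_indicators(parse_reg_section(INFECTED_LOG)):
        print(f"{key}\\{name} = {actual!r}  ({why})")
```

Run against the real SystemLook.txt from the desktop, the same four findings would appear for the log in Reply #10 and none after the OTL fix has applied.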


Offline wedzmer

Office PC problem!
« Reply #14 on: November 17, 2009, 10:17:55 AM »
Quote from: guestolo on Oct 26 2009, 02:17 PM
Let's do the following please
Let's remove all older versions of Sun Java
If you get this computer back online, you will want to visit Java's website and install the latest
Access your Add and Remove programs and remove
Java™ 6 Update 13
Java™ 6 Update 3

Can I just manually download it right now while I'm using my PC here at home so that I can just do an update manually back at the office?

Offline guestolo

Office PC problem!
« Reply #15 on: November 17, 2009, 11:08:08 PM »
The full install of the latest version of Java can be downloaded by doing the following
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "JRE 6 Update 17".
  • Click the "Download" button to the right.
  • In the Window that opens, select Windows, beside PLATFORM:>>Check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Transfer the installer to USB drive, etc. and transfer to the desktop of the computer not Online
  • Then from your desktop double click on jre-6u17-windows-i586.exe that you downloaded, to install the newest version.
NOTE: Java may install a Quick Starter service to run on startup which is really not needed
After installation, simply open the Java icon in Control Panel
Under Advanced tab, expand Miscellaneous, untick "Java Quick Starter" if selected
Apply and Ok it, then exit the Java control panel
A restart of the computer will be required to properly disable the service



Offline wedzmer

Office PC problem!
« Reply #16 on: November 24, 2009, 02:08:06 PM »
here is the OTL log that it produced:


I don't really understand this so I just uploaded it as you asked...


Quote from: guestolo on Oct 26 2009, 01:17 PM
Let's do the following please
Let's remove all older versions of Sun Java
If you get this computer back online, you will want to visit Java's website and install the latest
Access your Add and Remove programs and remove
Java™ 6 Update 13
Java™ 6 Update 3


In addition: Uninstall the Entry for Google Toolbar
As your not online, it's not needed and looks corrupt

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, please post the log that OTL produces

Let me know how things are now running

Offline guestolo

Office PC problem!
« Reply #17 on: November 24, 2009, 09:57:19 PM »
Everything running alright now?



Offline wedzmer

Office PC problem!
« Reply #18 on: November 25, 2009, 10:50:01 AM »
I think the only problem is that when I right-click the file.. I still have this "b-b2g" something in the system.. what is that?

I noticed you asked me to remove that before... but still it's there....

Thanks for the last procedure by the way... it got rid of that madforelmo thing.. ^_^

Offline guestolo

Office PC problem!
« Reply #19 on: November 25, 2009, 07:43:17 PM »
Can you do this step again and post the new log that opens

I had you run SystemLook earlier, can you delete the text file it produced earlier on desktop
SystemLook.txt

Then:
  • Double click on SystemLook.exe to Run it
  • Copy the contents of the following codebox into the main textfield:
    Code: [Select]
    :reg
    HKEY_CURRENT_USER\Control Panel\International
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    :regfind
    madforelmo
    b-b2g
    samok.vbs

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
« Last Edit: November 25, 2009, 07:43:59 PM by guestolo »
