Author Topic: Computer logs off immediately upon logon

Offline resevil83

Computer logs off immediately upon logon
« on: February 15, 2010, 09:17:36 PM »
Hello. I am trying to help my friend get his computer back up and running. I was going to post a HijackThis log for you; however, the virus and malware that he got on his computer will not let him log on anymore. As soon as we try to log onto his computer, it immediately logs us off. I have tried booting from the XP CD; however, I did not get the recovery console option. I then went into his recovery console option from the boot screen and I tried doing a couple of things there with no luck. His computer is a desktop running Windows XP. It's a Compaq Presario S4000NX (very old computer). His CD-ROM is E: and he has a partition. I know his main system is C:. I do not know what is on D:, possibly a backup?

Below is what I tried to do and where I got stumped.
Enter recovery console.
at the command prompt
C:/windows/system32
copy userinit.exe wsaupdater.exe

The recovery console asked me what Installation I'd like to log on to.
1: D:\MiniNT
2: D:\I386
3: C:\Windows

So I chose 3. I then typed in cd system32. Then I typed in the copy command. It copied successfully; however, I don't think it copied from my CD. I'm not sure where it copied from and to. I was given this command by a friend. My friend thought it should work, but it did not. Any help would be much appreciated.

Offline guestolo

« Reply #1 on: February 15, 2010, 10:59:26 PM »
Please try the following; you need a couple of tools.

FIRST:

SECOND:
  • Download OTLPE.iso and save it to the desktop. NOTE: This file is 292Mb in size so it may take some time to download.
  • Open the folder where you extracted BurnCDCC and run the tool
  • Select "Browse" and choose the OTLPE ISO
  • Check "Read verify", "Finalize" and "Auto eject"
  • Choose 32x speed and press "Start"
  • Insert a blank CD into your drive when prompted

After the burning has completed, you now need to boot your computer with this CD
  • Reboot your system using the boot CD you just created.

Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a Reatogo desktop.
Note: as you are running from CD, it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have an internet connection on this system.
  • Right-click the file and select Send To: select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • Please post the contents of the C:\OTL.txt file in your reply.
« Last Edit: February 16, 2010, 12:23:08 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline resevil83

« Reply #2 on: February 16, 2010, 09:11:33 PM »
OTL logfile created on: 2/16/2010 6:09:34 PM - Run
OTLPE by OldTimer - Version 3.1.29.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
631.00 Mb Total Physical Memory | 433.00 Mb Available Physical Memory | 69.00% Memory free
575.00 Mb Paging File | 450.00 Mb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 500 500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.97 Gb Total Space | 0.90 Gb Free Space | 2.65% Space Free | Partition Type: NTFS
Drive D: | 3.28 Gb Total Space | 0.66 Gb Free Space | 19.99% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/02/05 20:54:43 | 000,135,664 | ---- | M] (Google Inc.) [Auto] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/09/23 17:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/05/11 17:10:49 | 000,182,768 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/01/13 01:46:57 | 000,077,824 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\hphipm09.exe -- (Pml Driver)
SRV - [2003/03/09 15:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2001/09/25 09:32:50 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] --  -- (Jukebox3)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - File not found [Kernel | On_Demand] --  -- (ATWPKT2)
DRV - [2010/02/12 14:16:55 | 000,097,344 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2010/01/05 08:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 08:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 08:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2006/01/13 01:46:58 | 000,050,211 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphs2k09.sys -- (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09)
DRV - [2006/01/13 01:46:58 | 000,018,864 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphius09.sys -- (Dot4Usb HPH09)
DRV - [2006/01/13 01:46:58 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphipr09.sys -- (Dot4Print HPH09)
DRV - [2006/01/13 01:46:57 | 000,050,800 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphid409.sys -- (Dot4 HPH09)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/20 17:26:00 | 000,737,874 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 00:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2003/03/14 03:14:28 | 000,112,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/03/14 03:14:16 | 000,078,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/03/09 15:31:02 | 000,021,456 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2003/03/09 15:31:02 | 000,016,080 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/03/09 15:31:00 | 000,051,024 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2003/03/08 00:13:22 | 000,624,369 | ---- | M] (LT) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/12/27 13:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/08/29 07:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2002/08/29 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/08/29 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2002/08/29 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2002/07/30 00:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/09/27 11:00:26 | 000,028,396 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [1998/09/24 21:40:24 | 000,052,800 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\System32\drivers\HPFECP13.SYS -- (HPFECP13)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Owner_ON_C\..\URLSearchHook: {DB21F555-5583-189A-6420-97FF65A51991} -  File not found
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
 
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
 
 
IE - HKU\Tech_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Tech_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Tech_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\:
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2009/05/26 15:06:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2009/05/26 15:06:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/19 13:50:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 19:46:42 | 000,000,000 | ---D | M]
 
[2008/09/04 12:51:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
 
Hosts file not found
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O2 - BHO: (myBar BHO) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (My Way)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&SearchBar) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (My Way)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKU\Owner_ON_C\..\Toolbar\ShellBrowser: (&SearchBar) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (My Way)
O3 - HKU\Owner_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (&SearchBar) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (My Way)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKU\Tech_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Tech_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [dmodf.exe] C:\WINDOWS\System32\dmodf.exe File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\Owner_ON_C..\Run: [PhilipsLime] C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe (Philips)
O4 - HKU\Owner_ON_C..\Run: [sbin]  File not found
O4 - HKU\Owner_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\Owner_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Owner_ON_C..\Run: [UnSpyPC] C:\Program Files\UnSpyPC\UnSpyPC.exe File not found
O4 - HKU\Tech_ON_C..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe File not found
O4 - HKU\Tech_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 1
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF  [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Tech_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Tech_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Tech_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 1
O7 - HKU\Tech_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Tech_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Tech_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\helper32.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\helper32.dll ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 4 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\Owner_ON_C\..Trusted Domains: 7 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\Tech_ON_C\..Trusted Domains: 5 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://link.mindleaders.com/dpec/shared/cabs/awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab (YInstStarter Class)
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/i263_32.cab (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} http://www.installengine.com/engine/isetup.cab (InstallShield International Setup Player)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...-131_02-win.cab (Java Plug-in 1.3.1_02)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} http://www.webmap.niu.edu/campus/ACGM/Acgm.cab (ActiveCGM Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\System32\winlogon32.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/26 00:34:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6c88e44c-cf77-11d7-a778-806d6172696f}\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 21:54:58 | 000,040,960 | -HS- | M] (XSS)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/02/16 18:07:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/02/16 18:06:08 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/02/16 18:06:07 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/02/16 18:06:07 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/02/16 18:06:07 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/02/16 18:06:07 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/02/16 18:06:07 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/02/16 18:06:07 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/02/16 18:06:07 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/02/16 18:06:07 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/02/16 18:06:07 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/02/16 18:06:07 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/02/16 18:06:07 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/02/16 18:06:07 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/02/16 18:06:07 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/02/16 18:06:07 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/02/16 18:06:07 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/02/16 18:06:07 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/02/14 01:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PCHealth
[2010/02/14 01:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/02/14 01:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/14 01:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/02/14 01:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Virus_Removal_Progs
[2010/02/05 20:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/05 20:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/12 18:20:22 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/12/16 07:58:04 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/12/14 02:35:35 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009/11/27 12:33:35 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2009/11/27 11:37:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2009/11/27 11:37:27 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2009/11/27 11:37:27 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[13 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Application Data\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010/02/16 19:02:48 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/02/16 19:02:48 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/02/16 19:02:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/16 19:02:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/16 19:01:39 | 661,700,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/16 18:07:54 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/15 21:23:40 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/02/15 21:23:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/15 21:23:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/15 20:59:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/15 20:55:15 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/15 20:53:46 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Tech\NTUSER.DAT
[2010/02/15 20:53:46 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Tech\ntuser.ini
[2010/02/15 20:10:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/14 03:01:56 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/02/14 03:01:55 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/02/14 02:56:21 | 004,311,040 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/02/14 01:26:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010/02/14 01:26:04 | 000,003,310 | ---- | M] () -- C:\WINDOWS\System32\warning.html
[2010/02/14 00:09:11 | 001,930,896 | -H-- | M] () -- C:\Documents and Settings\Tech\Local Settings\Application Data\IconCache.db
[2010/02/13 23:55:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30051.exe
[2010/02/13 18:15:52 | 000,000,652 | ---- | M] () -- C:\WINDOWS\etehujoj.dll
[2010/02/13 18:13:42 | 000,000,652 | ---- | M] () -- C:\WINDOWS\owusexuyodege.dll
[2010/02/13 18:08:06 | 000,000,652 | ---- | M] () -- C:\WINDOWS\imajiyuhaxovab.dll
[2010/02/12 18:37:54 | 000,000,652 | ---- | M] () -- C:\WINDOWS\asidelubem.dll
[2010/02/12 15:35:17 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/12 15:35:17 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/12 15:35:16 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/12 15:35:16 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/12 15:35:16 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/12 15:35:16 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/12 15:35:16 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/12 15:35:16 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/12 15:35:16 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/12 15:35:16 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/12 15:35:16 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/12 15:35:16 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/12 15:35:16 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/12 15:35:16 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/12 15:35:16 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/12 15:35:16 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/12 14:16:55 | 000,097,344 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys
[2010/02/12 14:16:26 | 000,029,184 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll
[2010/02/11 04:39:14 | 000,000,181 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/02/11 04:05:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/21 14:14:19 | 000,007,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\beverly_hills_ninja2.jpg
[2010/01/14 12:12:06 | 000,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/12/31 11:14:12 | 000,352,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/12/22 12:16:00 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/12/22 00:42:49 | 000,662,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/12/22 00:42:49 | 000,624,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/12/22 00:42:49 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2009/12/22 00:42:48 | 001,506,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2009/12/22 00:42:48 | 000,532,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2009/12/22 00:42:48 | 000,532,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2009/12/22 00:42:48 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2009/12/22 00:42:48 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2009/12/22 00:42:47 | 003,063,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/12/22 00:42:47 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2009/12/22 00:42:47 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2009/12/22 00:42:47 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2009/12/22 00:42:45 | 000,251,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2009/12/22 00:42:45 | 000,251,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/12/22 00:42:45 | 000,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2009/12/22 00:42:45 | 000,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2009/12/22 00:42:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inseng.dll
[2009/12/22 00:42:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inseng.dll
[2009/12/22 00:42:45 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/12/22 00:42:45 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2009/12/22 00:42:45 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2009/12/22 00:42:45 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2009/12/22 00:42:45 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/12/22 00:42:44 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\danim.dll
[2009/12/22 00:42:44 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\danim.dll
[2009/12/22 00:42:44 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2009/12/22 00:42:44 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2009/12/22 00:42:43 | 001,023,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2009/12/22 00:42:43 | 000,151,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdfview.dll
[2009/12/16 08:33:58 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2009/12/16 08:10:30 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2009/12/16 07:58:04 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009/12/16 07:58:04 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/12/16 07:57:07 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2009/12/14 02:35:35 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009/12/14 02:35:35 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2009/12/11 20:22:15 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/12/10 08:57:37 | 000,416,732 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/10 08:57:37 | 000,365,406 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/10 08:57:37 | 000,046,284 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/08 04:13:51 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2009/12/04 09:41:55 | 000,453,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/11/29 21:54:04 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\415 take home EXAM.2.doc
[2009/11/27 12:33:35 | 001,291,264 | ---- | M] () -- C:\WINDOWS\System32\quartz.dll
[2009/11/27 12:33:35 | 001,291,264 | ---- | M] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2009/11/27 12:33:35 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2009/11/27 11:37:27 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2009/11/27 11:37:27 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\avifil32.dll
[2009/11/27 11:37:27 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2009/11/27 11:37:27 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidc32.dll
[2009/11/27 11:37:27 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2009/11/27 11:37:27 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2009/11/21 11:36:54 | 001,196,000 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/11/21 11:36:13 | 000,470,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[13 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Application Data\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/02/16 18:06:08 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/16 18:06:08 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/16 18:06:08 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/16 18:06:08 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/16 18:06:08 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/16 18:06:08 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/16 18:06:08 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/16 18:06:08 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/16 18:06:08 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/16 18:06:08 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/16 18:06:08 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/16 18:06:08 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/16 18:06:08 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/16 18:06:08 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/16 18:06:08 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/16 18:06:08 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/16 18:06:08 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/15 20:10:43 | 661,700,608 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/13 23:55:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\30051.exe
[2010/02/13 18:15:52 | 000,000,652 | ---- | C] () -- C:\WINDOWS\etehujoj.dll
[2010/02/13 18:13:42 | 000,000,652 | ---- | C] () -- C:\WINDOWS\owusexuyodege.dll
[2010/02/13 18:08:06 | 000,000,652 | ---- | C] () -- C:\WINDOWS\imajiyuhaxovab.dll
[2010/02/12 18:37:54 | 000,000,652 | ---- | C] () -- C:\WINDOWS\asidelubem.dll
[2010/02/12 14:16:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010/02/12 14:16:25 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\helper32.dll
[2010/02/12 14:16:04 | 000,003,310 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2010/02/05 20:54:50 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/05 20:54:49 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/21 14:14:09 | 000,007,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\beverly_hills_ninja2.jpg
[2009/12/11 20:22:15 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/12/11 20:22:15 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/11/29 20:59:45 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\415 take home EXAM.2.doc
[2008/09/04 13:06:17 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/01/18 14:04:43 | 000,028,350 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Install.dat
[2008/01/17 15:34:32 | 000,004,151 | ---- | C] () -- C:\WINDOWS\rdt.ini
[2005/10/03 19:58:41 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/09/06 00:46:39 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2005/09/06 00:18:02 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/05 23:13:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/09/05 23:13:39 | 000,000,181 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2004/08/30 01:07:02 | 000,000,470 | ---- | C] () -- C:\WINDOWS\HPFCSS13.INI
[2004/08/30 00:56:57 | 000,000,231 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2004/08/30 00:56:14 | 000,000,270 | ---- | C] () -- C:\WINDOWS\HPFTBX13.INI
[2004/01/14 01:19:20 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/15 22:46:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/08/27 14:46:55 | 000,004,636 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/08/15 18:31:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/06/05 10:13:18 | 000,097,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\asc3550p.sys
[2003/06/05 09:57:00 | 000,041,984 | ---- | C] () -- C:\WINDOWS\sdcphk.dll
[2003/06/05 09:55:43 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/04/28 22:12:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/26 02:23:50 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/04/26 02:23:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/26 02:05:29 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/26 02:02:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/26 02:02:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/26 01:34:01 | 000,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/26 01:18:01 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/04/26 00:53:15 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/26 00:53:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/26 00:52:58 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/26 00:37:56 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/26 00:24:49 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/03/09 15:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1999/01/22 05:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/09/24 22:28:10 | 000,004,404 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk13.ini
[1998/09/24 22:20:52 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\HPFdat13.dll
[1998/09/24 22:18:44 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\HPFscp13.dll
[1998/09/24 22:07:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\HPFhrl13.dll
[1998/09/24 22:07:26 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\HPFsrl13.dll
[1998/09/24 22:07:20 | 000,297,472 | ---- | C] () -- C:\WINDOWS\System32\HPFmrl13.dll
[1998/09/24 22:07:14 | 001,080,320 | ---- | C] () -- C:\WINDOWS\System32\HPFtrl13.dll
[1998/09/24 22:02:48 | 000,194,048 | ---- | C] () -- C:\WINDOWS\System32\HPFcps13.dll
[1998/09/24 22:02:20 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\HPF24r13.dll
[1998/09/24 22:01:06 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\HPFtst13.dll
[1998/09/24 21:53:42 | 000,395,264 | ---- | C] () -- C:\WINDOWS\System32\HPFui13.dll
[1998/09/24 21:48:08 | 000,187,904 | ---- | C] () -- C:\WINDOWS\System32\HPFwin13.dll
[1998/09/24 21:44:52 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\HPFmon13.dll
[1998/09/24 21:44:14 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\HPFcbl13.dll
[1998/09/24 21:41:58 | 000,033,384 | ---- | C] () -- C:\WINDOWS\System32\HPFiop13.dll
[1998/09/24 21:41:46 | 000,069,284 | ---- | C] () -- C:\WINDOWS\System32\HPFpml13.dll
[1998/09/24 21:41:40 | 000,137,232 | ---- | C] () -- C:\WINDOWS\System32\HPFmlc13.dll
[1998/09/24 21:41:32 | 000,057,240 | ---- | C] () -- C:\WINDOWS\System32\HPFmem13.dll
[1998/09/24 21:41:28 | 000,048,292 | ---- | C] () -- C:\WINDOWS\System32\HPFlpm13.dll
[1998/09/24 21:41:16 | 000,072,368 | ---- | C] () -- C:\WINDOWS\System32\HPFcom13.dll
[1998/09/24 21:40:24 | 000,052,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\HPFecp13.sys
[1998/09/24 21:39:34 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\HPFrsu13.dll
[1998/09/24 21:39:04 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\HPFrsa13.dll
[1998/09/24 21:34:34 | 001,777,664 | ---- | C] () -- C:\WINDOWS\System32\HPFimg13.dll
[1998/09/24 21:31:14 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\HPFcnt13.dll
 
========== LOP Check ==========
 
[2005/01/31 00:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2009/01/14 21:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2003/04/26 01:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2004/01/13 22:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Kazaa Lite
[2003/08/22 18:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Kontiki
[2009/01/14 21:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Printer Info Cache
[2003/04/26 02:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2005/09/13 01:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skinux
[2010/02/12 14:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2007/05/03 16:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2005/10/03 13:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug
[2003/04/26 01:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2003/04/26 02:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2003/04/26 01:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\InterTrust
[2009/10/04 10:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\Kazaa Lite
[2003/04/26 02:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\SampleView
[2009/06/21 10:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\Viewpoint
[2003/10/20 22:31:01 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\easy Internet sign-up.job
[2004/10/26 22:40:53 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1090807221.job
[2010/02/15 20:55:15 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85149 bytes -> C:\WINDOWS\Q327979.log:epzpwz
@Alternate Data Stream - 85149 bytes -> C:\WINDOWS\ocgen.log:bndsf
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\sessmgr.setup.log:ugeihm
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\Prairie Wind.bmp:ouagzi
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\msoffice.ini:hlxtll
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\KB823980.log:ffmxyg
@Alternate Data Stream - 197756 bytes -> C:\WINDOWS\rpalu.dat:bftvnk
@Alternate Data Stream - 197756 bytes -> C:\WINDOWS\OEWABLog.txt:wtpbff
@Alternate Data Stream - 197756 bytes -> C:\WINDOWS\KB282010.log:kibmwg
@Alternate Data Stream - 13581 bytes -> C:\WINDOWS\regopt.log:jebpla
@Alternate Data Stream - 13581 bytes -> C:\WINDOWS\ocgen.log:dsxndv
@Alternate Data Stream - 13581 bytes -> C:\WINDOWS\jautoexp.dat:wkuapy
@Alternate Data Stream - 13581 bytes -> C:\WINDOWS\hpomdl01.dat:cdjebm
< End of report >

Offline guestolo
« Reply #3 on: February 16, 2010, 10:04:47 PM »
OK, you may still be in the Reatogo desktop environment.
If you are, and have Internet access, you can skip transferring files to USB.
You simply open IE and copy/paste the fix below into the custom scan/fix section of OTL.exe.

  • Open Notepad (START>>>RUN>>>type in notepad) and hit OK.
  • Copy the contents of the CODE box, not including the word "code".
  • Paste it into the empty Notepad file.
  • In Notepad click FILE>>SAVE AS.
  • Name the file fix.txt.
  • Ensure to include :Reg.
  • Save this file on your desktop.

Code:
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\Userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSetActiveDesktop"=-
"NoActiveDesktopChanges"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSetActiveDesktop"=-
"NoActiveDesktopChanges"=-

:OTL
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
IE - HKU\Owner_ON_C\..\URLSearchHook: {DB21F555-5583-189A-6420-97FF65A51991} - File not found
O4 - HKLM..\Run: [dmodf.exe] C:\WINDOWS\System32\dmodf.exe File not found
O4 - HKU\Owner_ON_C..\Run: [UnSpyPC] C:\Program Files\UnSpyPC\UnSpyPC.exe File not found
O4 - HKU\Tech_ON_C..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe File not found
O15 - HKLM\..Trusted Domains: buy-internet-security10.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: buy-internet-security10.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-soft-download.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download25.com ([]http in Trusted sites)
O24 - Desktop WallPaper:

:Files
helper32.dll /lsp
winhelper86.dll /lsp
%HOMEDRIVE%\Internet Security 2010.lnk /s
%systemroot%\System32\winlogon32.exe
%systemroot%\System32\smss32.exe
%systemroot%\System32\AVR10.exe
%systemroot%\System32\helper32.dll
%systemroot%\System32\winlogon32.exe
%systemroot%\System32\smss32.exe
%systemroot%\System32\warning.html
%systemroot%\system32\IS15.exe
%systemroot%\System32\winhelper86.dll
%HOMEDRIVE%\trhh.exe
%HOMEDRIVE%\sdigdvmg.exe
%HOMEDRIVE%\wgqi.exe
%HOMEDRIVE%\byyk.exe
%systemroot%\lsass.exe
%systemroot%\odbn0.exe
%systemroot%\System32\sdra64.exe
%systemroot%\System32\41.exe
%systemroot%\System32\153.exe
%systemroot%\System32\292.exe
%systemroot%\System32\491.exe
%systemroot%\System32\1869.exe
%systemroot%\system32\2876.exe
%systemroot%\System32\2995.exe
%systemroot%\System32\3902.exe
%systemroot%\System32\4827.exe
%systemroot%\System32\5436.exe
%systemroot%\System32\5447.exe
%systemroot%\System32\5705.exe
%systemroot%\System32\6334.exe
%systemroot%\System32\7376.exe
%systemroot%\System32\9961.exe
%systemroot%\System32\11478.exe
%systemroot%\System32\11538.exe
%systemroot%\System32\11942.exe
%systemroot%\System32\12382.exe
%systemroot%\system32\12662.exe
%systemroot%\System32\13931.exe
%systemroot%\system32\14070.exe
%systemroot%\System32\14604.exe
%systemroot%\System32\14771.exe
%systemroot%\System32\15724.exe
%systemroot%\System32\16827.exe
%systemroot%\System32\16944.exe
%systemroot%\system32\17125.exe
%systemroot%\System32\17421.exe
%systemroot%\System32\18467.exe
%systemroot%\System32\18716.exe
%systemroot%\System32\19169.exe
%systemroot%\System32\19718.exe
%systemroot%\System32\19895.exe
%systemroot%\system32\19905.exe
%systemroot%\System32\19912.exe
%systemroot%\system32\21386.exe
%systemroot%\System32\21726.exe
%systemroot%\system32\22934.exe
%systemroot%\System32\23281.exe
%systemroot%\system32\24242.exe
%systemroot%\System32\24464.exe
%systemroot%\system32\24478.exe
%systemroot%\System32\26308.exe
%systemroot%\System32\26500.exe
%systemroot%\System32\26962.exe
%systemroot%\system32\27213.exe
%systemroot%\System32\28145.exe
%systemroot%\system32\28466.exe
%systemroot%\System32\29358.exe
%systemroot%\System32\32391.exe
%systemroot%\System32\32439.exe
%systemroot%\system32\ndisdrv.sys
%HOMEDRIVE%\s
%systemroot%\system32\kbdsock.dll
%systemroot%\system32\mshlps.dll
%systemroot%\system32\drivers\kdrhkukb.sys
%PROGRAMFILES%\InternetSecurity2010
%systemroot%\System32\lowsec
C:\WINDOWS\System32\30051.exe
C:\WINDOWS\etehujoj.dll
C:\WINDOWS\owusexuyodege.dll
C:\WINDOWS\imajiyuhaxovab.dll
C:\WINDOWS\asidelubem.dll

:Services
lmuytnv
ndisdrv
qvazdxe

:Commands
[resethosts]
[emptytemp]

Transfer fix.txt to a USB thumbdrive.
  • Insert your USB drive with fix.txt on it.
  • Start OTLPE.
  • Drag and drop fix.txt into the Custom scans and fixes box.
  • If you cannot drag and drop for some reason, press the Run Fix button; a dialogue box will pop up asking for the location. Select the file on your USB drive.
  • Then click the Run Fix button at the top.
  • Let the program run unhindered.
  • OTL may ask to reboot the machine. Please do so.
  • If OTL did not reboot the machine, click OK and the log will open. Save this to your USB stick. Post the contents of the log in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
If all goes well, you should be able to boot into normal Windows now. Let me know.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
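The :Reg section of the fix above restores the Winlogon Shell and Userinit values (a Userinit value pointing at anything other than userinit.exe is what produces the "logs off immediately after logon" symptom), and the OTL report earlier in the thread shows the file artifacts that typically accompany it: zero-byte numeric-named executables in System32, tiny random-named DLLs in C:\WINDOWS, and alternate data streams with random names on system files. The Python script below is an added triage example, not part of OTL or of any post in this thread: it parses OTL-style file and alternate-data-stream lines, applies heuristics for those patterns, and compares Winlogon values against the Windows XP defaults the fix writes. The sample log lines are copied from the report above; the hijacked Userinit value, the size threshold and the severity labels are my own constructed assumptions.

```python
# Added triage helper for OTL-style log lines (not part of OTL or this thread).
# It parses the file and alternate-data-stream line formats from the report
# above, applies heuristics for the artifact patterns seen there, and checks the
# Winlogon Shell/Userinit values that the :Reg fix restores.
import re
from typing import Dict, List, Optional, Tuple

# [2010/02/13 23:55:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\30051.exe
# The "(company)" field is absent on directory lines, so it is optional.
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# @Alternate Data Stream - 85149 bytes -> C:\WINDOWS\Q327979.log:epzpwz
ADS_LINE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)

SYSTEM32 = r"c:\windows\system32"
SYSROOT = r"c:\windows"
NUMERIC_NAME = re.compile(r"^\d+$")       # 30051.exe, 41.exe
RANDOM_NAME = re.compile(r"^[a-z]{6,}$")  # etehujoj.dll, asidelubem.dll
BENIGN_STREAMS = {"zone.identifier"}      # the ADS normally present on downloads
# Windows XP defaults; a Userinit value pointing anywhere else produces the
# "logs off immediately after logon" symptom this thread is about.
DEFAULT_WINLOGON = {"userinit": r"c:\windows\system32\userinit.exe,", "shell": "explorer.exe"}


def parse_line(line: str) -> Optional[Dict]:
    """Return a dict for a file or ADS line, or None for anything else."""
    m = FILE_LINE.match(line)
    if m:
        return {"kind": "file", "ts": m["ts"], "size": int(m["size"].replace(",", "")),
                "attrs": m["attrs"], "op": m["op"], "path": m["path"],
                "company": (m["company"] or "").strip()}
    m = ADS_LINE.match(line)
    if m:
        return {"kind": "ads", "size": int(m["size"]), "path": m["path"], "stream": m["stream"]}
    return None


def flag_entry(e: Dict) -> List[Tuple[str, str]]:
    """Apply the heuristics to one parsed entry; returns (severity, message) pairs."""
    findings: List[Tuple[str, str]] = []
    if e["kind"] == "ads":
        if e["stream"].lower() not in BENIGN_STREAMS:
            findings.append(("high", f"{e['path']}:{e['stream']}: unexpected alternate data stream"))
        return findings
    parent, _, name = e["path"].lower().rpartition("\\")
    stem, _, ext = name.rpartition(".")
    if parent == SYSTEM32 and ext == "exe" and e["size"] == 0 and NUMERIC_NAME.match(stem):
        findings.append(("high", f"{e['path']}: zero-byte numeric-named executable in System32"))
    if (parent == SYSROOT and ext == "dll" and e["size"] < 4096  # 4096 is an assumed threshold
            and RANDOM_NAME.match(stem) and not e["company"]):
        findings.append(("high", f"{e['path']}: tiny random-named DLL in %SystemRoot%, no company"))
    if parent == SYSTEM32 and ext in {"exe", "dll"} and not e["company"] and not findings:
        findings.append(("low", f"{e['path']}: executable in System32 without company metadata"))
    return findings


def check_winlogon(values: Dict[str, str]) -> List[Tuple[str, str]]:
    """Compare Winlogon Shell/Userinit (as read from the hive) with the XP defaults."""
    lowered = {k.lower(): v for k, v in values.items()}
    findings = []
    for key, expected in DEFAULT_WINLOGON.items():
        actual = lowered.get(key, "")
        if actual.strip().lower() != expected:
            findings.append(("high", f"Winlogon {key} = {actual!r}, expected {expected!r}"))
    return findings


def triage(log_lines: List[str], winlogon: Dict[str, str]) -> List[Tuple[str, str]]:
    """Winlogon findings first, then one pass over the log lines."""
    findings = check_winlogon(winlogon)
    for line in log_lines:
        entry = parse_line(line)
        if entry:
            findings.extend(flag_entry(entry))
    return findings


# Constructed sample: entries copied from the OTL report in this thread plus one
# benign Microsoft entry. The hijacked Userinit value is a placeholder, not a
# value taken from the thread.
SAMPLE_LOG = [
    r"[2010/02/13 23:55:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\30051.exe",
    r"[2010/02/13 18:15:52 | 000,000,652 | ---- | C] () -- C:\WINDOWS\etehujoj.dll",
    r"[2010/02/12 14:16:25 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\helper32.dll",
    r"[2009/12/14 02:35:35 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll",
    r"@Alternate Data Stream - 85149 bytes -> C:\WINDOWS\Q327979.log:epzpwz",
    "< End of report >",
]
SAMPLE_WINLOGON = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\EXAMPLE_hijack.exe,",
}

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG, SAMPLE_WINLOGON):
        print(f"[{severity}] {message}")
```

Run against the sample it reports the Userinit deviation, the zero-byte 30051.exe, the 652-byte etehujoj.dll and the random-named stream as high, and helper32.dll only as low (no company metadata is common for legitimate third-party files too, which is why the OTL fix removes it by explicit path rather than by pattern). The same parser can be pointed at a full OTL report by reading it line by line; the Winlogon values would come from the offline hive when working from OTLPE.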


Offline resevil83
« Reply #4 on: February 17, 2010, 02:22:18 AM »
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"explorer.exe" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\Userinit.exe," /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetActiveDesktop not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoActiveDesktopChanges deleted successfully.
========== OTL ==========
Unable to set value : HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E!
Unable to set value : HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E!
Registry value HKEY_USERS\Owner_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{DB21F555-5583-189A-6420-97FF65A51991} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB21F555-5583-189A-6420-97FF65A51991}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dmodf.exe deleted successfully.
Registry value HKEY_USERS\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\UnSpyPC deleted successfully.
Registry value HKEY_USERS\Tech_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security 2010 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-internet-security10.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-internet-security10.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-soft-download.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download25.com\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\WallPaper deleted successfully.
File  not found.
========== FILES ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
C:\WINDOWS\system32\helper32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\ deleted successfully.
File C:\WINDOWS\System32\helper32.dll not found.
File\Folder C:\WINDOWS\System32\winlogon32.exe not found.
File\Folder C:\WINDOWS\System32\smss32.exe not found.
File\Folder C:\WINDOWS\System32\AVR10.exe not found.
File\Folder C:\WINDOWS\System32\helper32.dll not found.
File\Folder C:\WINDOWS\System32\winlogon32.exe not found.
File\Folder C:\WINDOWS\System32\smss32.exe not found.
C:\WINDOWS\System32\warning.html moved successfully.
File\Folder C:\WINDOWS\system32\IS15.exe not found.
File\Folder C:\WINDOWS\System32\winhelper86.dll not found.
File\Folder C:\WINDOWS\lsass.exe not found.
File\Folder C:\WINDOWS\odbn0.exe not found.
File\Folder C:\WINDOWS\System32\sdra64.exe not found.
C:\WINDOWS\System32\41.exe moved successfully.
File\Folder C:\WINDOWS\System32\153.exe not found.
File\Folder C:\WINDOWS\System32\292.exe not found.
File\Folder C:\WINDOWS\System32\491.exe not found.
File\Folder C:\WINDOWS\System32\1869.exe not found.
File\Folder C:\WINDOWS\system32\2876.exe not found.
File\Folder C:\WINDOWS\System32\2995.exe not found.
File\Folder C:\WINDOWS\System32\3902.exe not found.
File\Folder C:\WINDOWS\System32\4827.exe not found.
File\Folder C:\WINDOWS\System32\5436.exe not found.
File\Folder C:\WINDOWS\System32\5447.exe not found.
File\Folder C:\WINDOWS\System32\5705.exe not found.
File\Folder C:\WINDOWS\System32\6334.exe not found.
File\Folder C:\WINDOWS\System32\7376.exe not found.
File\Folder C:\WINDOWS\System32\9961.exe not found.
File\Folder C:\WINDOWS\System32\11478.exe not found.
File\Folder C:\WINDOWS\System32\11538.exe not found.
File\Folder C:\WINDOWS\System32\11942.exe not found.
File\Folder C:\WINDOWS\System32\12382.exe not found.
File\Folder C:\WINDOWS\system32\12662.exe not found.
File\Folder C:\WINDOWS\System32\13931.exe not found.
File\Folder C:\WINDOWS\system32\14070.exe not found.
File\Folder C:\WINDOWS\System32\14604.exe not found.
File\Folder C:\WINDOWS\System32\14771.exe not found.
File\Folder C:\WINDOWS\System32\15724.exe not found.
File\Folder C:\WINDOWS\System32\16827.exe not found.
File\Folder C:\WINDOWS\System32\16944.exe not found.
File\Folder C:\WINDOWS\system32\17125.exe not found.
File\Folder C:\WINDOWS\System32\17421.exe not found.
File\Folder C:\WINDOWS\System32\18467.exe not found.
File\Folder C:\WINDOWS\System32\18716.exe not found.
File\Folder C:\WINDOWS\System32\19169.exe not found.
File\Folder C:\WINDOWS\System32\19718.exe not found.
File\Folder C:\WINDOWS\System32\19895.exe not found.
File\Folder C:\WINDOWS\system32\19905.exe not found.
File\Folder C:\WINDOWS\System32\19912.exe not found.
File\Folder C:\WINDOWS\system32\21386.exe not found.
File\Folder C:\WINDOWS\System32\21726.exe not found.
File\Folder C:\WINDOWS\system32\22934.exe not found.
File\Folder C:\WINDOWS\System32\23281.exe not found.
File\Folder C:\WINDOWS\system32\24242.exe not found.
File\Folder C:\WINDOWS\System32\24464.exe not found.
File\Folder C:\WINDOWS\system32\24478.exe not found.
File\Folder C:\WINDOWS\System32\26308.exe not found.
File\Folder C:\WINDOWS\System32\26500.exe not found.
File\Folder C:\WINDOWS\System32\26962.exe not found.
File\Folder C:\WINDOWS\system32\27213.exe not found.
File\Folder C:\WINDOWS\System32\28145.exe not found.
File\Folder C:\WINDOWS\system32\28466.exe not found.
File\Folder C:\WINDOWS\System32\29358.exe not found.
File\Folder C:\WINDOWS\System32\32391.exe not found.
File\Folder C:\WINDOWS\System32\32439.exe not found.
File\Folder C:\WINDOWS\system32\ndisdrv.sys not found.
File\Folder C:\WINDOWS\system32\kbdsock.dll not found.
File\Folder C:\WINDOWS\system32\mshlps.dll not found.
File\Folder C:\WINDOWS\system32\drivers\kdrhkukb.sys not found.
File\Folder C:\Program Files\InternetSecurity2010 not found.
File\Folder C:\WINDOWS\System32\lowsec not found.
C:\WINDOWS\System32\30051.exe moved successfully.
C:\WINDOWS\etehujoj.dll moved successfully.
C:\WINDOWS\owusexuyodege.dll moved successfully.
C:\WINDOWS\imajiyuhaxovab.dll moved successfully.
C:\WINDOWS\asidelubem.dll moved successfully.
========== SERVICES/DRIVERS ==========
Service\Driver key lmuytnv not found.
Service\Driver key ndisdrv not found.
Service\Driver key qvazdxe not found.
========== COMMANDS ==========
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: .DEFAULT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 12647324 bytes
->Java cache emptied: 3180936 bytes
 
User: Administrator_ON_C
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33064 bytes
 
User: LocalService_ON_C
->Temp folder emptied: 97728 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: NetworkService_ON_C
->Temp folder emptied: 526218 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Owner_ON_C
->Temp folder emptied: 1544448625 bytes
->Temporary Internet Files folder emptied: 282034009 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61291176 bytes
 
User: S-1-5-18
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Tech_ON_C
->Temp folder emptied: 3802260 bytes
->Temporary Internet Files folder emptied: 293348562 bytes
->Java cache emptied: 11459 bytes
->FireFox cache emptied: 31778294 bytes
 
%systemdrive% .tmp files removed: 5392 bytes
%systemroot% .tmp files removed: 19528 bytes
%systemroot%\System32 .tmp files removed: 5528081 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12864347 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 200218 bytes
RecycleBin emptied: 195926785 bytes
 
Total Files Cleaned = 2,334.00 mb
 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
 
OTLPE by OldTimer - Version 3.1.29.0 log created on 02162010_212048

resevil83
« Reply #5 on: February 17, 2010, 02:34:01 AM »
I also wanted to add... The computer now does boot back into Windows normally and it stays there! Thank you. I posted the log you requested in the post above. I also wanted to include a HijackThis log just in case you wanted to see that. I'm not sure how the logs differ.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:30:35 AM, on 2/17/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
O4 - HKCU\..\Run: [sbin] sound64.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.buy-internetsecurity10.com
O15 - Trusted Zone: http://*.buy-is2010.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.is10-soft-download.com
O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)
O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://link.mindleaders.com/dpec/shared/cabs/awswaxf.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.webmap.niu.edu/campus/ACGM/Acgm.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7313 bytes

guestolo
« Reply #6 on: February 17, 2010, 09:52:59 AM »
Just on my way to work; in the meantime, can you do the following:
Do a "System scan only" with HijackThis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [sbin] sound64.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: http://*.buy-internetsecurity10.com
O15 - Trusted Zone: http://*.buy-is2010.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.is10-soft-download.com
O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)
O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)


After you have ticked the above entries, close all other open windows, including this one.
Leave HijackThis open and click FIX CHECKED.
OK the prompt and exit HijackThis.

Reboot the computer.
Back in Windows:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror: this version will download a randomly named file (Recommended).
  • Zipped Mirror: this version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system, click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

In addition to the log from GMER, can you do the following:
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double-click on OTL.exe to run it.
  • Under Extra Registry, ensure that Safelist is selected.
  • Under the Custom Scan box, paste in the contents below:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav

  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

NOTE: If you have trouble, or get an error message, trying to post the logs, you can upload them to a reply box.
In a reply, select "Browse..." on the bottom right, then navigate to the file and select it.
Then click "Upload".

Do you want to post your own logs from FRST? Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
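As an added illustration of the kind of entries ticked in the reply above, here is a small Python triage script written for this page; it is not part of HijackThis, OTL or the thread's own instructions. It parses HijackThis log lines and flags two categories the reply singles out, O15 Trusted Zone entries and the O4 Run entry whose command carries no directory (the [sbin] sound64.exe line), plus one a reviewer would also check: the O1 hosts line that begins with ÿþ, which is how the UTF-16LE byte-order mark (bytes FF FE) renders when read as Latin-1. The sample log is constructed from lines of the HijackThis log posted earlier in this thread plus one benign service line; the function and class names are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample (added for this example): lines copied from the HijackThis
# log posted above, plus the header line and one benign service entry.
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [sbin] sound64.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O15 - Trusted Zone: http://*.buy-internetsecurity10.com
O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# Every HijackThis entry line starts with a section code followed by " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")
# Body of an O4 line: <hive>\..\Run: [<value name>] <command>
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section code, e.g. "O4"
    reason: str  # why a reviewer should look at the line
    line: str    # the original log line


def parse_entries(text):
    """Yield (kind, body, line) for each entry line; header and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("kind"), m.group("body"), line


def executable_of(cmd):
    """Program part of a Run command: the quoted token if quoted, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""


def triage(text):
    """Return the entries a reviewer should look at, in log order."""
    findings = []
    for kind, body, line in parse_entries(text):
        if kind == "O4":
            m = RUN_RE.match(body)
            # A bare file name is located by path search, not at a known install location.
            if m and not any(sep in executable_of(m.group("cmd")) for sep in "\\/"):
                findings.append(Finding(kind, "Run command has no directory; the program is found by "
                                        "path search rather than at a known install location", line))
        elif kind == "O15":
            findings.append(Finding(kind, "Trusted Zone entry: IE applies relaxed security to this "
                                    "site; confirm the user added it", line))
        elif kind == "O1" and any(ord(ch) > 127 for ch in body):
            findings.append(Finding(kind, "Hosts line contains non-ASCII characters (ÿþ is the UTF-16LE "
                                    "byte-order mark FF FE rendered as Latin-1); check the file's encoding", line))
    return findings


def counts_by_kind(findings):
    """Map section code -> number of findings, e.g. {'O1': 1, 'O4': 1, 'O15': 2}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f.kind:>4}  {f.reason}\n      {f.line}")
```

Run it on a saved hijackthis.log by passing the file's text to triage(); the R0/R1 entries the reply also ticks are deliberately left to the reviewer, since whether a homepage URL is unwanted depends on the user, not on the line's shape.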


resevil83
« Reply #7 on: February 17, 2010, 04:47:26 PM »
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-17 15:13:10
Windows 5.1.2600 Service Pack 2
Running: 3hp7ogzd.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\agpdyfod.sys


---- System - GMER 1.0.15 ----

SSDT  \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)  ZwTerminateProcess [0xEED530B0]

---- Kernel code sections - GMER 1.0.15 ----

init  C:\WINDOWS\System32\drivers\HPFECP13.SYS                                                                       entry point in "init" section [0xEEA15080]

---- Files - GMER 1.0.15 ----

ADS   C:\WINDOWS\ocgen.log:bndsf                                                                                     85149 bytes executable
ADS   C:\WINDOWS\Q327979.log:epzpwz                                                                                  85149 bytes executable

---- EOF - GMER 1.0.15 ----

resevil83
« Reply #8 on: February 17, 2010, 08:04:35 PM »
OTL logfile created on: 2/17/2010 3:18:42 PM - Run 1
OTL by OldTimer - Version 3.1.28.0     Folder = C:\Documents and Settings\Owner\Desktop\jysn
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
631.00 Mb Total Physical Memory | 324.00 Mb Available Physical Memory | 51.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 500 500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.97 Gb Total Space | 3.36 Gb Free Space | 9.90% Space Free | Partition Type: NTFS
Drive D: | 3.28 Gb Total Space | 0.66 Gb Free Space | 19.99% Space Free | Partition Type: FAT32
Drive E: | 30.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: YOUR-B79WZ4ROSE
Current User Name: Owner
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/02/17 13:58:22 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\jysn\OTL.exe
PRC - [2009/01/10 19:08:30 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/11/03 17:20:06 | 000,293,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2006/11/03 17:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/01/13 00:46:57 | 000,311,296 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon03.exe
PRC - [2006/01/13 00:46:57 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
PRC - [2005/09/08 16:10:26 | 000,159,744 | ---- | M] (Philips) -- C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
PRC - [2005/09/08 16:07:02 | 000,643,072 | ---- | M] (Koninklijke Philips Electronics N.V.) -- C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
PRC - [2004/08/04 01:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/09/25 08:32:50 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/02/17 13:58:22 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\jysn\OTL.exe
MOD - [2004/08/04 01:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/02/05 19:54:43 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/09/23 16:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/05/11 16:10:49 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2006/11/03 17:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/01/13 00:46:57 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm09.exe -- (Pml Driver)
SRV - [2003/03/09 14:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2001/09/25 08:32:50 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/02/12 13:16:55 | 000,097,344 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2010/01/05 07:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/05/09 00:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2006/01/13 00:46:58 | 000,050,211 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphs2k09.sys -- (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09)
DRV - [2006/01/13 00:46:58 | 000,018,864 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius09.sys -- (Dot4Usb HPH09)
DRV - [2006/01/13 00:46:58 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr09.sys -- (Dot4Print HPH09)
DRV - [2006/01/13 00:46:57 | 000,050,800 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid409.sys -- (Dot4 HPH09)
DRV - [2004/10/01 09:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/20 16:26:00 | 000,737,874 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/08/03 23:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 23:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2003/03/14 02:14:28 | 000,112,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/03/14 02:14:16 | 000,078,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/03/09 14:31:02 | 000,021,456 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2003/03/09 14:31:02 | 000,016,080 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/03/09 14:31:00 | 000,051,024 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2003/03/07 23:13:22 | 000,624,369 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/12/27 12:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/08/29 06:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2002/08/29 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/07/29 23:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/09/27 10:00:26 | 000,028,396 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [1998/09/24 20:40:24 | 000,052,800 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\HPFECP13.SYS -- (HPFECP13)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
 
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\:
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2009/05/26 14:06:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2009/05/26 14:06:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/19 12:50:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 18:46:42 | 000,000,000 | ---D | M]
 
[2008/09/04 11:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/02/12 10:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n32pxsq8.default\extensions
[2009/11/02 21:13:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n32pxsq8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008/09/04 11:51:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2010/02/16 20:20:56 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O2 - BHO: (myBar BHO) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (My Way)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&SearchBar) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (My Way)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&SearchBar) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (My Way)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&SearchBar) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (My Way)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PhilipsLime] C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe (Philips)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: Email Removed ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://link.mindleaders.com/dpec/shared/cabs/awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab (YInstStarter Class)
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/i263_32.cab (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} http://www.installengine.com/engine/isetup.cab (InstallShield International Setup Player)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...-131_02-win.cab (Java Plug-in 1.3.1_02)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} http://www.webmap.niu.edu/campus/ACGM/Acgm.cab (ActiveCGM Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/25 23:34:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{6c88e44c-cf77-11d7-a778-806d6172696f}\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 21:54:58 | 000,040,960 | -HS- | M] (XSS)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2003/06/05 09:27:21 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765113575899136)
 
[color="#E56717"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/02/17 13:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\jysn
[2010/02/17 01:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/16 20:21:52 | 000,546,304 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2010/02/16 20:20:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/14 00:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PCHealth
[2010/02/14 00:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/14 00:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/02/14 00:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/14 00:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/02/14 00:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Virus_Removal_Progs
[2010/02/05 19:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/05 19:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/09/04 14:07:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/10/20 13:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2003/04/25 23:37:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2003/04/25 23:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2003/04/25 23:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[13 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Application Data\*.tmp -> ]
 
[color="#E56717"]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/02/17 14:59:18 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/17 14:31:31 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/17 13:59:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/17 13:58:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/17 13:58:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/17 13:58:48 | 661,700,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/17 13:57:49 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/02/17 13:57:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/17 01:39:20 | 004,843,774 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/02/17 01:29:53 | 000,001,982 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2010/02/15 19:10:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/12 13:16:55 | 000,097,344 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys
[2010/02/12 12:48:43 | 000,546,304 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2010/02/11 03:39:14 | 000,000,181 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/02/11 03:05:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/21 13:14:19 | 000,007,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\beverly_hills_ninja2.jpg
[13 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Application Data\*.tmp -> ]
 
[color="#E56717"]========== Files Created - No Company Name ==========[/color]
 
[2010/02/17 01:29:53 | 000,001,982 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2010/02/15 19:10:43 | 661,700,608 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/05 19:54:50 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/05 19:54:49 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/21 13:14:09 | 000,007,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\beverly_hills_ninja2.jpg
[2008/09/04 12:06:17 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/01/18 13:04:43 | 000,028,350 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Install.dat
[2008/01/17 14:34:32 | 000,004,151 | ---- | C] () -- C:\WINDOWS\rdt.ini
[2005/10/03 18:58:41 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/09/05 23:46:39 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2005/09/05 23:18:02 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/05 22:13:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/09/05 22:13:39 | 000,000,181 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2004/08/30 00:07:02 | 000,000,470 | ---- | C] () -- C:\WINDOWS\HPFCSS13.INI
[2004/08/29 23:56:57 | 000,000,231 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2004/08/29 23:56:14 | 000,000,270 | ---- | C] () -- C:\WINDOWS\HPFTBX13.INI
[2004/01/14 00:19:20 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/15 21:46:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/08/27 13:46:55 | 000,004,636 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/08/24 13:01:56 | 000,000,980 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/08/15 17:31:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/06/05 09:13:18 | 000,097,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\asc3550p.sys
[2003/06/05 08:57:00 | 000,041,984 | ---- | C] () -- C:\WINDOWS\sdcphk.dll
[2003/06/05 08:55:43 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/04/28 21:12:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/26 01:23:50 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/04/26 01:23:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/26 01:05:29 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/26 01:02:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/26 01:02:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/26 00:34:01 | 000,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/26 00:18:01 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/04/25 23:53:15 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/25 23:53:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/25 23:52:58 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/25 23:37:56 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/25 23:24:49 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/03/09 14:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1999/01/22 04:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/09/24 21:28:10 | 000,004,404 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk13.ini
[1998/09/24 21:20:52 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\HPFdat13.dll
[1998/09/24 21:18:44 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\HPFscp13.dll
[1998/09/24 21:07:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\HPFhrl13.dll
[1998/09/24 21:07:26 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\HPFsrl13.dll
[1998/09/24 21:07:20 | 000,297,472 | ---- | C] () -- C:\WINDOWS\System32\HPFmrl13.dll
[1998/09/24 21:07:14 | 001,080,320 | ---- | C] () -- C:\WINDOWS\System32\HPFtrl13.dll
[1998/09/24 21:02:48 | 000,194,048 | ---- | C] () -- C:\WINDOWS\System32\HPFcps13.dll
[1998/09/24 21:02:20 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\HPF24r13.dll
[1998/09/24 21:01:06 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\HPFtst13.dll
[1998/09/24 20:53:42 | 000,395,264 | ---- | C] () -- C:\WINDOWS\System32\HPFui13.dll
[1998/09/24 20:48:08 | 000,187,904 | ---- | C] () -- C:\WINDOWS\System32\HPFwin13.dll
[1998/09/24 20:44:52 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\HPFmon13.dll
[1998/09/24 20:44:14 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\HPFcbl13.dll
[1998/09/24 20:41:58 | 000,033,384 | ---- | C] () -- C:\WINDOWS\System32\HPFiop13.dll
[1998/09/24 20:41:46 | 000,069,284 | ---- | C] () -- C:\WINDOWS\System32\HPFpml13.dll
[1998/09/24 20:41:40 | 000,137,232 | ---- | C] () -- C:\WINDOWS\System32\HPFmlc13.dll
[1998/09/24 20:41:32 | 000,057,240 | ---- | C] () -- C:\WINDOWS\System32\HPFmem13.dll
[1998/09/24 20:41:28 | 000,048,292 | ---- | C] () -- C:\WINDOWS\System32\HPFlpm13.dll
[1998/09/24 20:41:16 | 000,072,368 | ---- | C] () -- C:\WINDOWS\System32\HPFcom13.dll
[1998/09/24 20:40:24 | 000,052,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\HPFecp13.sys
[1998/09/24 20:39:34 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\HPFrsu13.dll
[1998/09/24 20:39:04 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\HPFrsa13.dll
[1998/09/24 20:34:34 | 001,777,664 | ---- | C] () -- C:\WINDOWS\System32\HPFimg13.dll
[1998/09/24 20:31:14 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\HPFcnt13.dll
 
[color="#E56717"]========== Custom Scans ==========[/color]
 
 
[color="#A23BEC"]< %SYSTEMDRIVE%\*.exe >[/color]
[2004/03/16 19:12:39 | 004,170,752 | ---- | M] () -- C:\DivX511.exe
[2010/02/12 12:48:43 | 000,546,304 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2005/10/31 09:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
 
 
[color="#A23BEC"]< MD5 for: AGP440.SYS  >[/color]
[2008/09/04 12:50:48 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/04 12:50:48 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
 
[color="#A23BEC"]< MD5 for: ATAPI.SYS  >[/color]
[2002/08/29 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008/09/04 12:50:48 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2002/08/29 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2008/09/04 12:50:48 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002/08/29 06:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2002/10/24 14:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
[color="#A23BEC"]< MD5 for: EVENTLOG.DLL  >[/color]
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2004/08/04 01:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 01:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2002/08/29 06:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
[color="#A23BEC"]< MD5 for: NETLOGON.DLL  >[/color]
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2002/08/29 06:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 12:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 12:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
 
[color="#A23BEC"]< MD5 for: SCECLI.DLL  >[/color]
[2004/08/04 01:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 01:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2002/08/29 06:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
 
[color="#A23BEC"]< %systemroot%\*. /mp /s >[/color]
 
[color="#A23BEC"]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color="#A23BEC"]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color="#A23BEC"]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color="#A23BEC"]< %systemroot%\System32\config\*.sav >[/color]
[2003/04/25 16:27:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003/04/25 16:27:10 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/04/25 16:27:10 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
[color="#E56717"]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 85149 bytes -> C:\WINDOWS\Q327979.log:epzpwz
@Alternate Data Stream - 85149 bytes -> C:\WINDOWS\ocgen.log:bndsf
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\sessmgr.setup.log:ugeihm
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\Prairie Wind.bmp:ouagzi
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\msoffice.ini:hlxtll
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\KB823980.log:ffmxyg
@Alternate Data Stream - 197756 bytes -> C:\WINDOWS\rpalu.dat:bftvnk
@Alternate Data Stream - 197756 bytes -> C:\WINDOWS\OEWABLog.txt:wtpbff
@Alternate Data Stream - 197756 bytes -> C:\WINDOWS\KB282010.log:kibmwg
@Alternate Data Stream - 13581 bytes -> C:\WINDOWS\regopt.log:jebpla
@Alternate Data Stream - 13581 bytes -> C:\WINDOWS\ocgen.log:dsxndv
@Alternate Data Stream - 13581 bytes -> C:\WINDOWS\jautoexp.dat:wkuapy
@Alternate Data Stream - 13581 bytes -> C:\WINDOWS\hpomdl01.dat:cdjebm
< End of report >

Offline resevil83

Computer loggs off immidiately upon logon
« Reply #9 on: February 17, 2010, 08:05:57 PM »
OTL Extras logfile created on: 2/17/2010 3:18:42 PM - Run 1
OTL by OldTimer - Version 3.1.28.0     Folder = C:\Documents and Settings\Owner\Desktop\jysn
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
631.00 Mb Total Physical Memory | 324.00 Mb Available Physical Memory | 51.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 500 500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.97 Gb Total Space | 3.36 Gb Free Space | 9.90% Space Free | Partition Type: NTFS
Drive D: | 3.28 Gb Total Space | 0.66 Gb Free Space | 19.99% Space Free | Partition Type: FAT32
Drive E: | 30.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: YOUR-B79WZ4ROSE
Current User Name: Owner
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color="#E56717"]========== Extra Registry (SafeList) ==========[/color]
 
 
[color="#E56717"]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color="#E56717"]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[color="#E56717"]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[color="#E56717"]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Owner\Desktop\utorrent.exe" = C:\Documents and Settings\Owner\Desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
 
 
[color="#E56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36A9D3F8-3FCF-4FBA-A8AD-3C1CE56C8AF4}" = Philips Device Manager
"{48BD24F5-13DE-493A-A7CE-28A85113FF0C}" = HP Deskjet printer preloaded drivers
"{57F06897-6735-4B97-9DF3-DE8BC27879D4}" = Philips Device Plug-in
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7BA3B75C-5601-4A6F-986C-47FEF17E8416}" = SpyFighterPro
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{C98F2FE6-5AF5-11D6-8209-00D0B701C7B5}" = Terayon DOCSIS Modem
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CF2606C7-63AF-40F4-8919-F2EC654ACC91}" = Napster for Windows Media Player
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Instant Messenger" = AOL Instant Messenger
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"CompuServe us" = CompuServe
"DivX Codec" = DivX Codec
"DivX Player" = DivX Player
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
"HP DeskJet 710C Series" = HP DeskJet 710C Series (Remove only)
"hp instant support" = hp instant support
"hp photosmart printer series" = hp photosmart printer series (Remove only)
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"kazaalite202_is1" = Kazaa Lite K++ v2.4.1
"LiveReg" = LiveReg (Symantec Corporation)
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"My Way Speedbar Uninstall" = My Search Bar
"Pidgin" = Pidgin
"PS2" = PS2
"PSD Tools ChannelUp" = PSD Tools ChannelUp v1.0 (remove only)
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"uTorrent" = µTorrent
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Companion" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12/14/2008 12:06:12 PM | Computer Name = YOUR-B79WZ4ROSE | Source = MPSampleSubmission | ID = 5000
Description =
 
Error - 1/16/2009 3:20:49 PM | Computer Name = YOUR-B79WZ4ROSE | Source = MPSampleSubmission | ID = 5000
Description =
 
Error - 1/19/2009 3:32:18 PM | Computer Name = YOUR-B79WZ4ROSE | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
 memory or insufficient security rights.       DETAIL - The process cannot access the
file because it is being used by another process.  for C:\Documents and Settings\Owner\ntuser.dat
 
Error - 1/19/2009 3:32:49 PM | Computer Name = YOUR-B79WZ4ROSE | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
 this error include insufficient security rights or a corrupt local profile. If
this problem persists, contact your network administrator.       DETAIL - The process
cannot access the file because it is being used by another process.
 
Error - 1/19/2009 3:32:49 PM | Computer Name = YOUR-B79WZ4ROSE | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
 try to use the backed up profile the next time this user logs on.
 
Error - 1/19/2009 3:33:21 PM | Computer Name = YOUR-B79WZ4ROSE | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
 temporary profile. Changes you make to this profile will be lost when you log off.
 
Error - 2/12/2009 6:46:42 PM | Computer Name = YOUR-B79WZ4ROSE | Source = MPSampleSubmission | ID = 5000
Description =
 
Error - 3/9/2009 12:24:12 AM | Computer Name = YOUR-B79WZ4ROSE | Source = Application Error | ID = 1000
Description = Faulting application hphmon03.exe, version 3.5.11.0, faulting module
 unknown, version 0.0.0.0, fault address 0x10001bb5.
 
Error - 4/20/2009 8:33:50 PM | Computer Name = YOUR-B79WZ4ROSE | Source = MPSampleSubmission | ID = 5000
Description =
 
Error - 4/24/2009 8:01:32 AM | Computer Name = YOUR-B79WZ4ROSE | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3384, faulting module
 xul.dll, version 1.9.0.3384, fault address 0x000485f0.
 
[ System Events ]
Error - 2/14/2010 4:02:12 AM | Computer Name = YOUR-B79WZ4ROSE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 2/14/2010 4:02:13 AM | Computer Name = YOUR-B79WZ4ROSE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 2/14/2010 4:02:33 AM | Computer Name = YOUR-B79WZ4ROSE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 2/15/2010 9:10:54 PM | Computer Name = YOUR-B79WZ4ROSE | Source = Service Control Manager | ID = 7000
Description = The ASCTRM service failed to start due to the following error:   %%2001
 
Error - 2/15/2010 9:52:09 PM | Computer Name = YOUR-B79WZ4ROSE | Source = Service Control Manager | ID = 7000
Description = The ASCTRM service failed to start due to the following error:   %%2001
 
Error - 2/15/2010 10:23:24 PM | Computer Name = YOUR-B79WZ4ROSE | Source = Service Control Manager | ID = 7000
Description = The ASCTRM service failed to start due to the following error:   %%2001
 
Error - 2/16/2010 8:01:48 PM | Computer Name = YOUR-B79WZ4ROSE | Source = Service Control Manager | ID = 7000
Description = The ASCTRM service failed to start due to the following error:   %%2001
 
Error - 2/17/2010 3:24:24 AM | Computer Name = YOUR-B79WZ4ROSE | Source = Service Control Manager | ID = 7000
Description = The ASCTRM service failed to start due to the following error:   %%2001
 
Error - 2/17/2010 3:54:33 PM | Computer Name = YOUR-B79WZ4ROSE | Source = Service Control Manager | ID = 7000
Description = The ASCTRM service failed to start due to the following error:   %%2001
 
Error - 2/17/2010 3:58:57 PM | Computer Name = YOUR-B79WZ4ROSE | Source = Service Control Manager | ID = 7000
Description = The ASCTRM service failed to start due to the following error:   %%2001
 
 
< End of report >

Offline guestolo

Computer logs off immediately upon logon
« Reply #10 on: February 20, 2010, 03:07:03 PM »
Sorry for the delay; can you do the following, please?

Download Malwarebytes' Anti-Malware from Here or Here.
Save the installer to the desktop.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In addition:
Go to the following link: ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take a while, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
« Last Edit: February 20, 2010, 03:08:26 PM by guestolo »

Do you want to post your own logs from FRST? Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline resevil83

Computer logs off immediately upon logon
« Reply #11 on: February 21, 2010, 02:37:41 PM »
Malwarebytes' Anti-Malware 1.44
Database version: 3769
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2/21/2010 1:30:23 PM
mbam-log-2010-02-21 (13-30-23).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 197774
Time elapsed: 54 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 24
Registry Values Infected: 4
Registry Data Items Infected: 6
Folders Infected: 8
Files Infected: 41

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0494d0d0-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0494d0d4-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0494d0d6-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0494d0da-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0494d0dc-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6cd-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0d1-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494d0d1-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0494d0d1-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0d2-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0d3-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0d5-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0d7-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0db-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IS2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: sdcphk.dll  -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\sdcphk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84385F41-106C-4862-86C4-CE41F08F6FCF}\RP1456\A0256185.sys (Trojan.Proxy.Saturn) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84385F41-106C-4862-86C4-CE41F08F6FCF}\RP1456\A0256187.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84385F41-106C-4862-86C4-CE41F08F6FCF}\RP1456\A0256188.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84385F41-106C-4862-86C4-CE41F08F6FCF}\RP1456\A0257186.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84385F41-106C-4862-86C4-CE41F08F6FCF}\RP1456\A0258186.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84385F41-106C-4862-86C4-CE41F08F6FCF}\RP1456\A0259186.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84385F41-106C-4862-86C4-CE41F08F6FCF}\RP1456\A0259187.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84385F41-106C-4862-86C4-CE41F08F6FCF}\RP1456\A0259192.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84385F41-106C-4862-86C4-CE41F08F6FCF}\RP1456\A0260192.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84385F41-106C-4862-86C4-CE41F08F6FCF}\RP1456\A0262192.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84385F41-106C-4862-86C4-CE41F08F6FCF}\RP1456\A0263205.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84385F41-106C-4862-86C4-CE41F08F6FCF}\RP1456\A0264212.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84385F41-106C-4862-86C4-CE41F08F6FCF}\RP1456\A0264218.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84385F41-106C-4862-86C4-CE41F08F6FCF}\RP1456\A0264222.sys (Trojan.Proxy.Saturn) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84385F41-106C-4862-86C4-CE41F08F6FCF}\RP1456\A0264226.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84385F41-106C-4862-86C4-CE41F08F6FCF}\RP1456\A0264234.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\asc3550p.sys (Trojan.Proxy.Saturn) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin\PARTNER.BMP (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin\PARTNER2.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin\PARTNER3.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin\UNINSTALL.INF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Cache\0142CDE0 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Cache\0142D051.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Cache\0142D274.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Cache\0142D533.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Cache\09D029B5 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Cache\29A7F7B5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Cache\29A7F89F.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Cache\29A7F97A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Cache\2FBC880E (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsaupdater.exe (Trojan.Agent) -> Quarantined and deleted successfully.
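Reading the log above: of the 41 files listed, 16 are copies inside System Restore points (C:\System Volume Information\_restore...), which are snapshots rather than running code, while the live hits are sdcphk.dll, the MyWay toolbar files, the asc3550p.sys driver and wsaupdater.exe. The "Registry Data Items" section shows policy values the malware had set (DisableTaskMgr, NoChangingWallpaper) being reset to 0, and a DLL being removed from the LSA Notification Packages list, which is code that gets loaded into lsass.exe. The following Python script is added here as an example and is not part of this thread or of Malwarebytes' own tooling; it parses detection lines in the format MBAM 1.44 writes and produces that kind of triage summary. The SAMPLE_LOG it runs on is a constructed excerpt modelled on the log above.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x removal logs.

Added example, not code from this thread or from Malwarebytes. It parses the
"<item> (<Family>) -> [<details> ->] <action>" lines MBAM 1.44 writes, counts
detections by family, and splits file hits into live locations versus copies
inside System Restore points. SAMPLE_LOG is a constructed excerpt.
"""
import re
from collections import Counter

# item, family in parentheses, then "->"-separated details (e.g. "Data: x.dll"
# or "Bad: (1) Good: (0)") and, last, the action MBAM took.
LINE_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

# Files under this path are snapshots kept by System Restore, not running code.
RESTORE_POINT_MARKER = r"\system volume information\_restore"

SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.44
Files Infected: 4

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\IS2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: sdcphk.dll  -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\sdcphk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84385F41-106C-4862-86C4-CE41F08F6FCF}\RP1456\A0256185.sys (Trojan.Proxy.Saturn) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84385F41-106C-4862-86C4-CE41F08F6FCF}\RP1456\A0256187.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsaupdater.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section it came from."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):   # section header such as "Files Infected:"
            section = line[:-1]
            continue
        m = LINE_RE.match(line)
        if section is None or not m:     # summary counts, blanks, "(No malicious items detected)"
            continue
        segments = [s.strip() for s in m.group("rest").split("->")]
        detections.append({
            "section": section,
            "item": m.group("item"),
            "family": m.group("family"),
            "details": segments[:-1],
            "action": segments[-1],
            "in_restore_point": RESTORE_POINT_MARKER in m.group("item").lower(),
        })
    return detections


def summarize(detections):
    """Counts by family, live-vs-restore-point file split, and anything not removed."""
    files = [d for d in detections if d["section"] == "Files Infected"]
    return {
        "total": len(detections),
        "by_family": Counter(d["family"] for d in detections),
        "live_files": [d["item"] for d in files if not d["in_restore_point"]],
        "restore_point_files": [d["item"] for d in files if d["in_restore_point"]],
        "not_removed": [d["item"] for d in detections
                        if "successfully" not in d["action"].lower()],
    }


def reset_policies(detections):
    """Names of policy values MBAM flipped back, reported as 'Bad: (1) Good: (0)'."""
    return [d["item"].rsplit("\\", 1)[-1] for d in detections
            if d["section"] == "Registry Data Items Infected"
            and any(s.startswith("Bad:") for s in d["details"])]


def notification_package_dlls(detections):
    """DLLs removed from the LSA Notification Packages list (loaded into lsass.exe)."""
    return [s[len("Data:"):].strip()
            for d in detections if d["item"].endswith(r"\LSA\Notification Packages")
            for s in d["details"] if s.startswith("Data:")]


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    report = summarize(found)
    print(f"{report['total']} detections; by family: {dict(report['by_family'])}")
    print("live files:", report["live_files"])
    print("restore-point copies:", len(report["restore_point_files"]))
    print("policies reset:", reset_policies(found))
    print("LSA notification DLLs removed:", notification_package_dlls(found))
    print("not removed:", report["not_removed"] or "none")
```

Run it against a saved mbam-log-*.txt by replacing SAMPLE_LOG with the file's contents; the "not_removed" list is the one to act on, since any action other than "successfully" means the item is still present after the scan.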

Offline resevil83

Computer logs off immediately upon logon
« Reply #12 on: February 21, 2010, 03:25:14 PM »
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=012959ab7c1c7c4cad950aeb1dd2b0eb
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-21 08:20:31
# local_time=2010-02-21 02:20:31 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=66337
# found=12
# cleaned=12
# scan_time=2332
C:\Documents and Settings\Owner\My Documents\download\BSINSTALL.exe   Win32/Adware.SaveNow application (deleted - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Tech\Application Data\Microsoft\Internet Explorer\Desktop.htt   Win32/TrojanDownloader.FakeAlert.ATP trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\AIM\aim95.exe   Win32/Adware.WBug.A application (deleted - quarantined)   00000000000000000000000000000000   C
C:\Program Files\AIM\Sysfiles\WxBug.EXE   Win32/Adware.WBug.A application (deleted - quarantined)   00000000000000000000000000000000   C
C:\Program Files\SpyFighterPro\AutoUpdate.exe   probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq82B.tmp   a variant of Win32/Adware.MediaTickets application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq82F.tmp\bldll.dll   a variant of Win32/Adware.MediaTickets application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\WINDOWS\ocgen.log:bndsf   a variant of Win32/Kryptik.BNX trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\WINDOWS\Q327979.log:epzpwz   a variant of Win32/Kryptik.BNX trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\WINDOWS\$NtUninstallKB896688-IE6SP1-20051004.130236$\wininet.dll   Win32/Oleloa.gen virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\_OTL\MovedFiles\02162010_212048\C_WINDOWS\system32\helper32.dll   a variant of Win32/Kryptik.CKD trojan (deleted - quarantined)   00000000000000000000000000000000   C
C:\_OTL\MovedFiles\02162010_212048\C_WINDOWS\system32\warning.html   Win32/TrojanDownloader.FakeAlert.ATP trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C

Offline guestolo

Computer logs off immediately upon logon
« Reply #13 on: February 21, 2010, 03:46:04 PM »
Can I have you reopen OTL.exe and run a new scan? Post back the log that opens, and keep me informed how things are now running, please.



Offline resevil83

Computer logs off immediately upon logon
« Reply #14 on: February 21, 2010, 04:40:45 PM »
OTL logfile created on: 2/21/2010 3:25:54 PM - Run 2
OTL by OldTimer - Version 3.1.28.0     Folder = C:\Documents and Settings\Owner\Desktop\jysn
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
631.00 Mb Total Physical Memory | 278.00 Mb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 500 500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.97 Gb Total Space | 12.89 Gb Free Space | 37.95% Space Free | Partition Type: NTFS
Drive D: | 3.28 Gb Total Space | 0.66 Gb Free Space | 19.99% Space Free | Partition Type: FAT32
Drive E: | 30.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: YOUR-B79WZ4ROSE
Current User Name: Owner
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/02/21 14:33:02 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/21 14:33:01 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/21 14:33:01 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/21 14:32:59 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/21 14:32:54 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/02/21 14:32:48 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/17 13:58:22 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\jysn\OTL.exe
PRC - [2010/01/05 07:56:02 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/01/10 19:08:30 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/01/13 00:46:57 | 000,311,296 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon03.exe
PRC - [2006/01/13 00:46:57 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
PRC - [2005/09/08 16:10:26 | 000,159,744 | ---- | M] (Philips) -- C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
PRC - [2005/09/08 16:07:02 | 000,643,072 | ---- | M] (Koninklijke Philips Electronics N.V.) -- C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
PRC - [2004/08/04 01:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/09/25 08:32:50 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/02/17 13:58:22 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\jysn\OTL.exe
MOD - [2004/08/04 01:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/02/21 14:32:48 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/05 19:54:43 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/09/23 16:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/05/11 16:10:49 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2006/11/03 17:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/01/13 00:46:57 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm09.exe -- (Pml Driver)
SRV - [2003/03/09 14:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2001/09/25 08:32:50 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/02/21 14:33:58 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/21 14:33:46 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/21 14:33:44 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/02/12 13:16:55 | 000,097,344 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2010/01/05 07:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/05/09 00:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2006/01/13 00:46:58 | 000,050,211 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphs2k09.sys -- (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09)
DRV - [2006/01/13 00:46:58 | 000,018,864 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius09.sys -- (Dot4Usb HPH09)
DRV - [2006/01/13 00:46:58 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr09.sys -- (Dot4Print HPH09)
DRV - [2006/01/13 00:46:57 | 000,050,800 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid409.sys -- (Dot4 HPH09)
DRV - [2004/10/01 09:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/20 16:26:00 | 000,737,874 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/08/03 23:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 23:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2003/03/14 02:14:28 | 000,112,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/03/14 02:14:16 | 000,078,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/03/09 14:31:02 | 000,021,456 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2003/03/09 14:31:02 | 000,016,080 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/03/09 14:31:00 | 000,051,024 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2003/03/07 23:13:22 | 000,624,369 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/12/27 12:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/08/29 06:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2002/08/29 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/07/29 23:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/09/27 10:00:26 | 000,028,396 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [1998/09/24 20:40:24 | 000,052,800 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\HPFECP13.SYS -- (HPFECP13)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
 
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\:
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2009/05/26 14:06:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2009/05/26 14:06:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/21 14:32:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/21 14:33:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/19 12:50:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 18:46:42 | 000,000,000 | ---D | M]
 
[2008/09/04 11:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/02/12 10:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n32pxsq8.default\extensions
[2009/11/02 21:13:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n32pxsq8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008/09/04 11:51:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2010/02/16 20:20:56 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PhilipsLime] C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe (Philips)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 1
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: Email Removed ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://link.mindleaders.com/dpec/shared/cabs/awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab (YInstStarter Class)
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/i263_32.cab (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} http://www.installengine.com/engine/isetup.cab (InstallShield International Setup Player)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...-131_02-win.cab (Java Plug-in 1.3.1_02)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} http://www.webmap.niu.edu/campus/ACGM/Acgm.cab (ActiveCGM Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/25 23:34:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/02/21 14:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Word Documents
[2010/02/21 14:34:15 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/02/21 14:33:59 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/21 14:33:58 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/21 14:33:46 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/21 14:33:44 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/21 14:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/02/21 14:33:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/21 14:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/02/21 14:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/21 14:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/21 13:39:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/21 03:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/02/21 03:45:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/21 03:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/21 03:45:48 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/21 03:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/17 20:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/02/17 13:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\jysn
[2010/02/17 01:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/16 20:21:52 | 000,546,304 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2010/02/16 20:20:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/14 00:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PCHealth
[2010/02/14 00:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/14 00:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/02/14 00:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/14 00:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/02/14 00:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Virus_Removal_Progs
[2010/02/05 19:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/05 19:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/12 17:20:22 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/12/16 06:58:04 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/12/14 01:35:35 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009/11/27 11:33:35 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2009/11/27 10:37:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2009/11/27 10:37:27 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2009/11/27 10:37:27 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2008/09/04 14:07:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/10/20 13:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2003/04/25 23:37:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2003/04/25 23:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[13 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Application Data\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/02/21 15:24:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/21 15:24:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/21 15:23:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/21 15:23:52 | 661,700,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/21 14:57:41 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/02/21 14:57:41 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/21 14:33:59 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/21 14:33:59 | 000,001,515 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/21 14:33:58 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/21 14:33:46 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/21 14:33:44 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/21 14:33:44 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/21 14:33:43 | 056,058,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/21 14:33:26 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/21 14:33:26 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/21 14:33:26 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/21 13:59:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/21 05:09:02 | 000,000,181 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/02/21 03:44:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/17 01:39:20 | 004,843,774 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/02/12 13:16:55 | 000,097,344 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys
[2010/02/12 12:48:43 | 000,546,304 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2010/02/11 03:05:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/21 13:14:19 | 000,007,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\beverly_hills_ninja2.jpg
[2010/01/14 11:12:06 | 000,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/31 10:14:12 | 000,352,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/12/22 11:16:00 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/12/21 23:42:49 | 000,662,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/12/21 23:42:49 | 000,624,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/12/21 23:42:49 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2009/12/21 23:42:48 | 001,506,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2009/12/21 23:42:48 | 000,532,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2009/12/21 23:42:48 | 000,532,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2009/12/21 23:42:48 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2009/12/21 23:42:48 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2009/12/21 23:42:47 | 003,063,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/12/21 23:42:47 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2009/12/21 23:42:47 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2009/12/21 23:42:47 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2009/12/21 23:42:45 | 000,251,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2009/12/21 23:42:45 | 000,251,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/12/21 23:42:45 | 000,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2009/12/21 23:42:45 | 000,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2009/12/21 23:42:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inseng.dll
[2009/12/21 23:42:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inseng.dll
[2009/12/21 23:42:45 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/12/21 23:42:45 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2009/12/21 23:42:45 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2009/12/21 23:42:45 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2009/12/21 23:42:45 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/12/21 23:42:44 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\danim.dll
[2009/12/21 23:42:44 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\danim.dll
[2009/12/21 23:42:44 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2009/12/21 23:42:44 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2009/12/21 23:42:43 | 001,023,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2009/12/21 23:42:43 | 000,151,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdfview.dll
[2009/12/16 07:33:58 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2009/12/16 07:10:30 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2009/12/16 06:58:04 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009/12/16 06:58:04 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/12/16 06:57:07 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2009/12/14 01:35:35 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009/12/14 01:35:35 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2009/12/11 19:22:15 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/12/10 07:57:37 | 000,416,732 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/10 07:57:37 | 000,365,406 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/10 07:57:37 | 000,046,284 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/08 03:13:51 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2009/12/04 08:41:55 | 000,453,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/11/29 20:54:04 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\415 take home EXAM.2.doc
[2009/11/27 11:33:35 | 001,291,264 | ---- | M] () -- C:\WINDOWS\System32\quartz.dll
[2009/11/27 11:33:35 | 001,291,264 | ---- | M] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2009/11/27 11:33:35 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2009/11/27 10:37:27 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2009/11/27 10:37:27 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\avifil32.dll
[2009/11/27 10:37:27 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2009/11/27 10:37:27 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidc32.dll
[2009/11/27 10:37:27 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2009/11/27 10:37:27 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[13 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Application Data\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/02/21 14:33:59 | 000,001,515 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/21 14:33:43 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/21 14:33:26 | 056,058,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/21 14:33:26 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/21 14:33:26 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/21 14:33:25 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/15 19:10:43 | 661,700,608 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/05 19:54:50 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/05 19:54:49 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/21 13:14:09 | 000,007,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\beverly_hills_ninja2.jpg
[2009/12/11 19:22:15 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/12/11 19:22:15 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/11/29 19:59:45 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\415 take home EXAM.2.doc
[2008/09/04 12:06:17 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/01/18 13:04:43 | 000,028,350 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Install.dat
[2008/01/17 14:34:32 | 000,004,151 | ---- | C] () -- C:\WINDOWS\rdt.ini
[2005/10/03 18:58:41 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/09/05 23:46:39 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2005/09/05 23:18:02 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/05 22:13:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/09/05 22:13:39 | 000,000,181 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2004/08/30 00:07:02 | 000,000,470 | ---- | C] () -- C:\WINDOWS\HPFCSS13.INI
[2004/08/29 23:56:57 | 000,000,231 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2004/08/29 23:56:14 | 000,000,270 | ---- | C] () -- C:\WINDOWS\HPFTBX13.INI
[2004/01/14 00:19:20 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/15 21:46:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/08/27 13:46:55 | 000,004,636 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/08/24 13:01:56 | 000,000,980 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/08/15 17:31:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/06/05 08:55:43 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/04/28 21:12:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/26 01:23:50 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/04/26 01:23:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/26 01:05:29 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/26 01:02:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/26 01:02:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/26 00:34:01 | 000,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/26 00:18:01 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/04/25 23:53:15 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/25 23:53:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/25 23:52:58 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/25 23:37:56 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/25 23:24:49 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/03/09 14:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1999/01/22 04:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/09/24 21:28:10 | 000,004,404 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk13.ini
[1998/09/24 21:20:52 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\HPFdat13.dll
[1998/09/24 21:18:44 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\HPFscp13.dll
[1998/09/24 21:07:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\HPFhrl13.dll
[1998/09/24 21:07:26 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\HPFsrl13.dll
[1998/09/24 21:07:20 | 000,297,472 | ---- | C] () -- C:\WINDOWS\System32\HPFmrl13.dll
[1998/09/24 21:07:14 | 001,080,320 | ---- | C] () -- C:\WINDOWS\System32\HPFtrl13.dll
[1998/09/24 21:02:48 | 000,194,048 | ---- | C] () -- C:\WINDOWS\System32\HPFcps13.dll
[1998/09/24 21:02:20 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\HPF24r13.dll
[1998/09/24 21:01:06 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\HPFtst13.dll
[1998/09/24 20:53:42 | 000,395,264 | ---- | C] () -- C:\WINDOWS\System32\HPFui13.dll
[1998/09/24 20:48:08 | 000,187,904 | ---- | C] () -- C:\WINDOWS\System32\HPFwin13.dll
[1998/09/24 20:44:52 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\HPFmon13.dll
[1998/09/24 20:44:14 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\HPFcbl13.dll
[1998/09/24 20:41:58 | 000,033,384 | ---- | C] () -- C:\WINDOWS\System32\HPFiop13.dll
[1998/09/24 20:41:46 | 000,069,284 | ---- | C] () -- C:\WINDOWS\System32\HPFpml13.dll
[1998/09/24 20:41:40 | 000,137,232 | ---- | C] () -- C:\WINDOWS\System32\HPFmlc13.dll
[1998/09/24 20:41:32 | 000,057,240 | ---- | C] () -- C:\WINDOWS\System32\HPFmem13.dll
[1998/09/24 20:41:28 | 000,048,292 | ---- | C] () -- C:\WINDOWS\System32\HPFlpm13.dll
[1998/09/24 20:41:16 | 000,072,368 | ---- | C] () -- C:\WINDOWS\System32\HPFcom13.dll
[1998/09/24 20:40:24 | 000,052,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\HPFecp13.sys
[1998/09/24 20:39:34 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\HPFrsu13.dll
[1998/09/24 20:39:04 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\HPFrsa13.dll
[1998/09/24 20:34:34 | 001,777,664 | ---- | C] () -- C:\WINDOWS\System32\HPFimg13.dll
[1998/09/24 20:31:14 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\HPFcnt13.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\sessmgr.setup.log:ugeihm
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\Prairie Wind.bmp:ouagzi
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\msoffice.ini:hlxtll
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\KB823980.log:ffmxyg
@Alternate Data Stream - 197756 bytes -> C:\WINDOWS\rpalu.dat:bftvnk
@Alternate Data Stream - 197756 bytes -> C:\WINDOWS\OEWABLog.txt:wtpbff
@Alternate Data Stream - 197756 bytes -> C:\WINDOWS\KB282010.log:kibmwg
@Alternate Data Stream - 13581 bytes -> C:\WINDOWS\regopt.log:jebpla
@Alternate Data Stream - 13581 bytes -> C:\WINDOWS\ocgen.log:dsxndv
@Alternate Data Stream - 13581 bytes -> C:\WINDOWS\jautoexp.dat:wkuapy
@Alternate Data Stream - 13581 bytes -> C:\WINDOWS\hpomdl01.dat:cdjebm
< End of report >

resevil83
« Reply #15 on: February 21, 2010, 04:43:22 PM »
Things are definitely much better than before. The computer is very old, so I'm not really sure how fast it's supposed to run. The thing I do notice is, upon restart, the computer asks if you want Windows XP or the Recovery Console. I don't hit anything and just let it automatically select XP.

I should mention, I just ran a scan with SUPERAntiSpyware and while it was finding some "threats" AVG went off and said that it found 3 viruses. I decided to remove them as a power user. It removed them and I removed all the things that SUPERAntiSpyware found. I also wanted to update his iexplorer and java/flash... but I wanted to wait for you before doing so. (I was also going to do the Windows update, which entails updating to Service Pack 3; again I'll wait for your OK before doing so.)
« Last Edit: February 21, 2010, 06:26:49 PM by resevil83 »

guestolo
« Reply #16 on: February 21, 2010, 06:48:40 PM »
Let's try updating with these steps

Afterwards: let's make sure your copy of Adobe Flash Player is updated
Go here and download the uninstaller for Flash
http://kb2.adobe.com/cps/141/tn_14157.html
Save the uninstaller to desktop
Ensure your Web Browsers are all closed
Double click on the uninstaller to Run it
Follow the prompts, it won't take long to run this tool

Leave your browser windows closed
Uninstall older versions of Sun Java
This includes:
J2SE Runtime Environment 5.0 Update 5
Java 2 Runtime Environment Standard Edition v1.3.1_02


In addition, uninstall the following
Viewpoint Manager (Remove Only)
Viewpoint Media Player


I don't suspect you purposely installed SpyFighterPro
It's not a recommended tool, I would uninstall it also

Afterwards:
Double  click on OTL.exe and Run it
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following from the quote box below (don't include the word Quote, please):
    Quote
    :OTL
    @Alternate Data Stream - 3567 bytes -> C:\WINDOWS\sessmgr.setup.log:ugeihm
    @Alternate Data Stream - 3567 bytes -> C:\WINDOWS\Prairie Wind.bmp:ouagzi
    @Alternate Data Stream - 3567 bytes -> C:\WINDOWS\msoffice.ini:hlxtll
    @Alternate Data Stream - 3567 bytes -> C:\WINDOWS\KB823980.log:ffmxyg
    @Alternate Data Stream - 197756 bytes -> C:\WINDOWS\rpalu.dat:bftvnk
    @Alternate Data Stream - 197756 bytes -> C:\WINDOWS\OEWABLog.txt:wtpbff
    @Alternate Data Stream - 197756 bytes -> C:\WINDOWS\KB282010.log:kibmwg
    @Alternate Data Stream - 13581 bytes -> C:\WINDOWS\regopt.log:jebpla
    @Alternate Data Stream - 13581 bytes -> C:\WINDOWS\ocgen.log:dsxndv
    @Alternate Data Stream - 13581 bytes -> C:\WINDOWS\jautoexp.dat:wkuapy
    @Alternate Data Stream - 13581 bytes -> C:\WINDOWS\hpomdl01.dat:cdjebm
    :Reg
    :Files
    C:\Program Files\SpyFighterPro
    :Commands
    [EmptyTemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted

Can you open your copy of Adobe Reader that's installed on this computer
Click on HELP>>CHECK FOR UPDATES
Install the updates, Recheck for updates till you have them all

Go to the following link in Internet Explorer
http://www.adobe.com/products/flashplayer/
UNTICK any toolbar or Security scan option and then proceed to install the latest version of Flash
Afterwards:
Let's get Firefox updated
Open Mozilla Firefox and choose HELP>>Check for Updates
Keep rechecking till it's fully updated
Then use Firefox and again go to that Flash install link above and run the installer

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE).
  • Scroll down to where it says "JDK 6 Update 18 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select Windows >> check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe that you downloaded to install the newest version.
After you have done the above, can you post back one last fresh Hijackthis log please

Quote
upon restart the computer asks if you want to windows xp or the recovery console
How long is the wait before it automatically selects?
It's not a bad idea leaving the recovery console installed, but we can reduce the time for it to select Windows XP

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
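As an added example (not from the thread, OTL or its author), here is a Python script that parses the Alternate Data Streams section of an OTL report like the one posted above, flags streams whose exact byte size recurs across unrelated carrier files (the same hidden payload dropped eleven times in this case) while ignoring known Windows stream names, and emits the flagged lines in the :OTL fix layout used in this reply. The sample report embeds the eleven ADS lines from the report above plus two constructed benign entries; the benign-name list and the random-name heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# One report line looks like:
#   @Alternate Data Stream - 3567 bytes -> C:\WINDOWS\msoffice.ini:hlxtll
# The carrier path contains a colon of its own (drive letter), so the stream
# name is whatever follows the LAST colon; the greedy path group handles that.
ADS_LINE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)

# Stream names Windows and Office write themselves (assumed list); never
# flagged on their own.
BENIGN_STREAMS = {"Zone.Identifier", "encryptable", "favicon",
                  "SummaryInformation", "DocumentSummaryInformation"}

# The malware-dropped streams in this thread all have short random lowercase
# names; this heuristic is an assumption, used only as a secondary signal.
RANDOM_NAME = re.compile(r"^[a-z]{5,8}$")

# Constructed sample: the eleven ADS lines from the OTL report posted above,
# plus two constructed benign streams (a download marker and a descriptive
# property stream) that must NOT be flagged.
SAMPLE_REPORT = r"""
========== Alternate Data Streams ==========

@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\sessmgr.setup.log:ugeihm
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\Prairie Wind.bmp:ouagzi
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\msoffice.ini:hlxtll
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\KB823980.log:ffmxyg
@Alternate Data Stream - 197756 bytes -> C:\WINDOWS\rpalu.dat:bftvnk
@Alternate Data Stream - 197756 bytes -> C:\WINDOWS\OEWABLog.txt:wtpbff
@Alternate Data Stream - 197756 bytes -> C:\WINDOWS\KB282010.log:kibmwg
@Alternate Data Stream - 13581 bytes -> C:\WINDOWS\regopt.log:jebpla
@Alternate Data Stream - 13581 bytes -> C:\WINDOWS\ocgen.log:dsxndv
@Alternate Data Stream - 13581 bytes -> C:\WINDOWS\jautoexp.dat:wkuapy
@Alternate Data Stream - 13581 bytes -> C:\WINDOWS\hpomdl01.dat:cdjebm
@Alternate Data Stream - 26 bytes -> C:\Documents and Settings\Owner\Desktop\OTL.exe:Zone.Identifier
@Alternate Data Stream - 1024 bytes -> C:\Documents and Settings\Owner\My Documents\notes.txt:OECustomProperty
< End of report >
"""


def parse_ads(report_text):
    """Return the ADS entries of an OTL report as dicts (size, path, stream, raw)."""
    entries = []
    for raw in report_text.splitlines():
        line = raw.rstrip()
        m = ADS_LINE.match(line)
        if m:
            entries.append({
                "size": int(m.group("size")),
                "path": m.group("path"),
                "stream": m.group("stream"),
                "raw": line,
            })
    return entries


def size_clusters(entries):
    """Map stream size -> number of distinct carrier files holding a stream of that size."""
    carriers = defaultdict(set)
    for e in entries:
        carriers[e["size"]].add(e["path"].lower())
    return {size: len(paths) for size, paths in carriers.items()}


def flag_suspicious(entries, min_carriers=2):
    """Flag streams that are not a known Windows stream name and either share
    their exact byte size with streams on other carrier files (one payload
    copied into many hosts) or carry a random-looking lowercase name."""
    clusters = size_clusters(entries)
    flagged = []
    for e in entries:
        if e["stream"] in BENIGN_STREAMS:
            continue
        repeated = clusters[e["size"]] >= min_carriers
        random_name = bool(RANDOM_NAME.match(e["stream"]))
        if repeated or random_name:
            flagged.append(dict(e, reason="repeated-size" if repeated else "random-name"))
    return flagged


def otl_fix_script(flagged):
    """Assemble a fix script in the layout used in the thread: the flagged ADS
    lines under :OTL, then the temp cleanup and reboot commands."""
    lines = [":OTL"] + [e["raw"] for e in flagged] + [":Commands", "[EmptyTemp]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(otl_fix_script(flag_suspicious(parse_ads(SAMPLE_REPORT))))
```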


resevil83
« Reply #17 on: February 21, 2010, 09:10:57 PM »
The screen on initial start up is there for approximately 2 seconds. It'd be nice if it would just go straight into Windows. If we don't need to remove the recovery wizard that'd be fine by me. If you recommend I remove it, then by all means.

The computer did seem to get a bit faster, especially right after I was done removing all those nonsense programs. Although the computer did slow back up a bit right after I uninstalled that spyware program you mentioned. AVG caught some new viruses while I was uninstalling that spyware program (Spy Fighter Pro). I did remove the viruses as a power user again. The virus results showed that the viruses were a part of that program (Spy Fighter Pro).

There's prob. a couple lingering viruses or something; let me know. Here's the HijackThis log.


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 8:04:24 PM, on 2/21/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://link.mindleaders.com/dpec/shared/cabs/awswaxf.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.webmap.niu.edu/campus/ACGM/Acgm.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7987 bytes
« Last Edit: February 21, 2010, 09:21:13 PM by resevil83 »

guestolo
« Reply #18 on: February 21, 2010, 09:24:10 PM »
Can we just try one more scanner, let's see if anything else is hiding
Then we'll cleanup the tools we used, and disable a couple items on startup and see how things look

Download ComboFix from only this location
Link 1

Save it ONLY to your Desktop

      --------------------------------------------------------------------
Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool.

With AVG9 please do the following:
To disable the Resident Shield, please:

    * Open AVG User Interface.
    * Double-click on the Resident Shield.
    * Un-tick the option Resident Shield active.
    * Save the changes.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please



resevil83
« Reply #19 on: February 21, 2010, 09:56:42 PM »
ComboFix 10-02-21.02 - Owner 02/21/2010  20:33:25.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.631.296 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\Install.dat
c:\documents and settings\Owner\Cookies\hpothb07.dat
C:\LOG.TXT
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\ps2.bat
c:\windows\system32\reboot.txt
D:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P


(((((((((((((((((((((((((   Files Created from 2010-01-22 to 2010-02-22  )))))))))))))))))))))))))))))))
.

2010-02-22 01:56 . 2010-02-22 01:56   --------   d-----w-   c:\program files\Common Files\Java
2010-02-22 01:56 . 2010-02-22 01:56   503808   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-45ad170b-n\msvcp71.dll
2010-02-22 01:56 . 2010-02-22 01:56   348160   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-45ad170b-n\msvcr71.dll
2010-02-22 01:56 . 2010-02-22 01:56   499712   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-45ad170b-n\jmc.dll
2010-02-22 01:56 . 2010-02-22 01:56   61440   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2cf36390-n\decora-sse.dll
2010-02-22 01:56 . 2010-02-22 01:56   12800   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2cf36390-n\decora-d3d.dll
2010-02-22 01:56 . 2010-02-22 01:55   411368   ----a-w-   c:\windows\system32\deploytk.dll
2010-02-22 01:55 . 2010-02-22 01:55   --------   d-----w-   c:\program files\Java
2010-02-21 23:17 . 2010-02-21 23:17   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
2010-02-21 21:37 . 2009-11-25 19:01   1230080   ----a-w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-02-21 20:34 . 2010-02-21 22:26   --------   d-----w-   C:\$AVG
2010-02-21 20:33 . 2010-02-21 20:33   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-02-21 20:33 . 2010-02-21 20:33   360584   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-02-21 20:33 . 2010-02-21 20:33   333192   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2010-02-21 20:33 . 2010-02-21 20:33   28424   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2010-02-21 20:33 . 2010-02-22 01:04   --------   d-----w-   c:\windows\system32\drivers\Avg
2010-02-21 20:33 . 2010-02-21 20:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-21 20:32 . 2010-02-21 20:32   --------   d-----w-   c:\program files\AVG
2010-02-21 20:32 . 2010-02-21 20:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
2010-02-21 19:39 . 2010-02-21 19:39   --------   d-----w-   c:\program files\ESET
2010-02-21 09:46 . 2010-02-21 09:46   --------   d-----w-   c:\documents and settings\Owner\Application Data\Malwarebytes
2010-02-21 09:45 . 2010-01-07 22:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-21 09:45 . 2010-02-21 09:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-21 09:45 . 2010-02-21 09:45   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-02-21 09:45 . 2010-01-07 22:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-02-18 02:05 . 2010-02-18 02:05   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-02-17 07:29 . 2010-02-17 07:29   388096   ----a-r-   c:\documents and settings\Owner\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-17 07:29 . 2010-02-17 07:29   --------   d-----w-   c:\program files\TrendMicro
2010-02-17 02:21 . 2010-02-12 18:48   546304   ----a-r-   C:\OTLPE.exe
2010-02-17 02:20 . 2010-02-17 02:20   --------   d-----w-   C:\_OTL
2010-02-14 06:45 . 2010-02-14 06:45   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
2010-02-14 06:32 . 2010-02-14 06:32   52224   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-14 06:32 . 2010-02-21 22:03   117760   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-14 06:31 . 2010-02-14 06:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-14 06:31 . 2010-02-21 23:15   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-02-14 06:31 . 2010-02-14 06:31   --------   d-----w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-02-14 06:31 . 2010-02-14 06:31   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-02-06 01:59 . 2010-02-06 01:59   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-06 01:54 . 2010-02-06 01:54   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Google

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 01:11 . 2004-11-07 21:36   --------   d-----w-   c:\documents and settings\All Users\Application Data\Viewpoint
2010-02-21 19:50 . 2003-08-23 16:55   --------   d-----w-   c:\program files\AIM
2010-02-12 19:16 . 2004-09-15 23:34   97344   ----a-w-   c:\windows\system32\drivers\asctrm.sys
2010-02-12 19:12 . 2009-09-24 05:53   --------   d-----w-   c:\documents and settings\Owner\Application Data\uTorrent
2010-02-06 01:54 . 2003-09-30 02:52   --------   d-----w-   c:\program files\Google
2010-01-14 17:12 . 2009-10-02 23:00   181120   ------w-   c:\windows\system32\MpSigStub.exe
2009-12-31 16:14 . 2003-06-05 14:55   352640   ----a-w-   c:\windows\system32\drivers\srv.sys
2009-12-22 05:42 . 2006-06-23 16:33   662016   ----a-w-   c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-04 07:56   81920   ------w-   c:\windows\system32\ieencode.dll
2009-12-16 12:58 . 2003-06-05 14:55   343040   ----a-w-   c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2003-06-05 15:13   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2009-12-04 14:41 . 2003-06-05 15:13   453760   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:33 . 2005-10-04 00:58   17920   ----a-w-   c:\windows\system32\msyuv.dll
2009-11-27 17:33 . 2005-08-30 14:14   1291264   ----a-w-   c:\windows\system32\quartz.dll
2009-11-27 16:37 . 2003-06-05 15:13   84992   ----a-w-   c:\windows\system32\avifil32.dll
2009-11-27 16:37 . 2003-06-05 14:55   28672   ----a-w-   c:\windows\system32\msvidc32.dll
2009-11-27 16:37 . 2003-06-05 14:55   11264   ----a-w-   c:\windows\system32\msrle32.dll
2009-11-27 16:37 . 2001-08-18 05:36   8704   ----a-w-   c:\windows\system32\tsbyuv.dll
2009-11-27 16:37 . 2001-08-18 05:36   48128   ----a-w-   c:\windows\system32\iyuv_32.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01   1230080   ----a-w-   c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhilipsLime"="c:\program files\Philips\Philips Lime Service\bin\LimeAlive.exe" [2005-09-08 159744]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"HPHmon03"="c:\windows\system32\hphmon03.exe" [2006-01-13 311296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2003-07-15 34880]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-21 20:33   12464   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CompuServe 7.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CompuServe 7.0 Tray Icon.lnk
backup=c:\windows\pss\CompuServe 7.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 18:47   57344   ----a-w-   c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-08-20 21:51   118784   ----a-w-   c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpfsched]
2006-01-13 06:46   36864   ----a-w-   c:\windows\hpfsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 23:04   52736   ----a-w-   c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-08-20 21:55   155648   ----a-w-   c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-12 03:02   61440   ----a-w-   c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM]
2005-09-15 05:12   520192   ----a-w-   c:\program files\Philips\Philips Device Manager\bin\DeviceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2002-08-01 03:28   81920   ----a-w-   c:\windows\system32\ps2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-03-02 03:50   77824   ----a-w-   c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 04:42   212992   ----a-w-   c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\utorrent.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/21/2010 2:33 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/21/2010 2:33 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 7:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 66632]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/21/2010 2:32 PM 285392]
R2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [9/24/1998 8:40 PM 52800]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 7:54 PM 135664]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 5:19 PM 13592]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [1/14/2009 8:03 PM 18864]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]
.
Contents of the 'Scheduled Tasks' folder

2004-10-27 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4090807221.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]

2010-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 01:54]

2010-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 01:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: Email Removed\free
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\n32pxsq8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-BoundRec - Dest068.exe
MSConfigStartUp-con - c:\windows\xpupdate.exe
MSConfigStartUp-SAPSTR - MON76234.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_05\bin\jusched.exe
MSConfigStartUp-sysconf16 - runload32.exe
MSConfigStartUp-TRPT - startman.exe
MSConfigStartUp-WhenUSave - c:\program files\Save\Save.exe
MSConfigStartUp-Windows update loader - c:\windows\xpupdate.exe
AddRemove-PSD Tools ChannelUp - c:\program files\Common Files\PSD Tools\ChannelUp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 20:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(508)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\System32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\program files\Philips\Philips Lime Service\bin\Lime.exe
.
**************************************************************************
.
Completion time: 2010-02-21  20:55:04 - machine was rebooted
ComboFix-quarantined-files.txt  2010-02-22 02:55

Pre-Run: 16,121,839,616 bytes free
Post-Run: 16,034,734,080 bytes free

- - End Of File - - DE7E7D6722F5E364D5A6DFD8506655B2