Zabijecie
  1. Maniac, the same thing happens when I try to run tdsskiller as it did with aswMBR.exe. The mouse icon changes to loading and nothing happens. Sigh, I appreciate your help. But it looks like I'll just have to get another computer. This one is beyond fixing. I am able to use it, just not surf the web.
  2. Forgot to attach the OTL.txt file. Apologies. OTL.Txt
  3. As requested, OTL: OTL logfile created on: 12/7/2011 9:47:37 PM - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = D:\drivers Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512)
() -- C:\Documents and Settings\MSI\Start Menu\Programs\Remote Assistance.lnk [2011/12/01 01:04:22 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\MSI\Start Menu\Programs\Windows Media Player.lnk [2011/12/01 01:04:22 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\MSI\Start Menu\Programs\Internet Explorer.lnk [2011/12/01 01:04:22 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\MSI\Start Menu\Programs\Outlook Express.lnk [2011/12/01 01:02:15 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD [2011/11/30 23:10:12 | 000,002,256 | ---- | C] () -- C:\Documents and Settings\MSI\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/11/30 23:08:58 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1705124405-1315108835-361535792-1005UA.job [2011/11/30 23:08:57 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1705124405-1315108835-361535792-1005Core.job [2008/10/15 21:37:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008/10/15 19:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI [2008/10/15 18:00:08 | 006,184,960 | R--- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll [2008/10/15 17:58:58 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2008/10/15 17:57:11 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll [2008/10/15 17:18:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008/10/15 17:13:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/10/15 16:59:25 | 000,001,188 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008/10/15 16:59:17 | 000,312,172 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008/10/15 16:59:17 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008/10/15 16:59:17 | 000,040,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008/10/15 16:59:17 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008/10/15 
16:59:17 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008/10/15 16:59:16 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2008/10/15 16:59:16 | 000,004,628 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2008/10/15 16:59:15 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2008/10/15 16:59:14 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008/10/15 16:59:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008/10/15 16:59:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008/10/15 16:59:10 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008/10/15 10:07:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008/10/15 10:06:04 | 000,259,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007/12/21 18:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005/07/22 23:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll ========== LOP Check ========== [2008/10/15 19:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2011/11/30 23:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MSI\Application Data\Immunet [2011/12/04 02:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MSI\Application Data\uTorrent ========== Purity Check ========== < End of report > It did not give me an Extras log this time...
  4. Maniac, I've tried again in normal mode, ran overnight. Still stuck on the same screen...
  5. Maniac, I've run Combofix 2 times upon logon, and once in safe mode for about 3 hours each. But the program does not get past the attached image screen. It installs the windows recovery and sets a restore point, but nothing else. Should this be run for over 3 hours?
  6. Maniac, Thank you for getting back to me so promptly, much appreciated. Below are the requested log files from OTL. However, aswMBR.exe does not work/run. I have downloaded the file twice, and restarted my computer. The program changes my cursor to a loading type, but nothing else happens. The task manager remains unaffected. Disabled my protection while trying to open it as well, still nothing. Everything else was done as instructed, I did leave this browser window open to read the instructions while doing the scans. Thanks again, ZabijeCie (OTL - Also attached) OTL logfile created on: 12/1/2011 4:38:55 PM - Run 1 OTL by OldTimer - Version 3.2.31.0
[2011/12/01 01:04:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MSI\PrintHood [2011/12/01 01:04:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MSI\NetHood [2011/12/01 01:04:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MSI\Local Settings [2011/12/01 01:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Start Menu\Programs\WinRAR [2011/12/01 01:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\My Documents\Bluetooth [2011/12/01 01:01:21 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2011/12/01 00:51:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\RE_DRIVE [2011/12/01 00:00:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MSI\Recent [2011/11/30 23:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011/11/30 23:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Application Data\Immunet [2011/11/30 23:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Immunet [2011/11/30 23:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Immunet 3.0 [2011/11/30 23:46:45 | 000,034,080 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys [2011/11/30 23:46:40 | 000,050,976 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys [2011/11/30 23:46:34 | 000,304,712 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys [2011/11/30 23:46:28 | 000,000,000 | ---D | C] -- C:\Program Files\Immunet [2011/11/30 23:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender [2011/11/30 23:33:31 | 000,205,072 | ---- | C] (Trend Micro Inc.) 
-- C:\WINDOWS\System32\drivers\tmcomm.sys [2011/11/30 23:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\My Documents\Downloads [2011/11/30 23:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Application Data\Macromedia [2011/11/30 23:10:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\MSI\UserData [2011/11/30 23:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Process Blocker [2011/11/30 23:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Start Menu\Programs\Process Blocker [2011/11/30 23:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MSI\Local Settings\Application Data\Google [2011/11/30 23:08:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe [2011/11/30 23:07:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/12/01 16:23:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/12/01 16:23:24 | 000,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/12/01 16:23:23 | 2136,268,800 | -HS- | M] () -- C:\hiberfil.sys [2011/12/01 01:07:17 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/12/01 01:07:17 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/12/01 01:04:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/12/01 01:03:59 | 000,001,215 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2011/12/01 01:03:52 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2011/12/01 01:02:58 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF [2011/12/01 01:02:15 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD [2011/12/01 00:13:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1705124405-1315108835-361535792-1005UA.job [2011/11/30 23:46:32 | 000,304,712 | ---- | M] (BitDefender S.R.L.) 
-- C:\WINDOWS\System32\drivers\Trufos.sys [2011/11/30 23:46:31 | 000,050,976 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys [2011/11/30 23:46:31 | 000,034,080 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys [2011/11/30 23:33:30 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys [2011/11/30 23:13:01 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1705124405-1315108835-361535792-1005Core.job [2011/11/30 23:11:05 | 000,002,256 | ---- | M] () -- C:\Documents and Settings\MSI\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/12/01 01:04:22 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\MSI\Start Menu\Programs\Remote Assistance.lnk [2011/12/01 01:04:22 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\MSI\Start Menu\Programs\Windows Media Player.lnk [2011/12/01 01:04:22 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\MSI\Start Menu\Programs\Internet Explorer.lnk [2011/12/01 01:04:22 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\MSI\Start Menu\Programs\Outlook Express.lnk [2011/12/01 01:02:15 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD [2011/12/01 01:00:18 | 2136,268,800 | -HS- | C] () -- C:\hiberfil.sys [2011/11/30 23:10:12 | 000,002,256 | ---- | C] () -- C:\Documents and Settings\MSI\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/11/30 23:08:58 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1705124405-1315108835-361535792-1005UA.job [2011/11/30 23:08:57 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1705124405-1315108835-361535792-1005Core.job [2008/10/15 21:37:07 | 000,000,061 | ---- | C] () -- 
C:\WINDOWS\smscfg.ini [2008/10/15 19:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI [2008/10/15 18:00:08 | 006,184,960 | R--- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll [2008/10/15 17:58:58 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2008/10/15 17:57:11 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll [2008/10/15 17:18:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008/10/15 17:13:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/10/15 16:59:25 | 000,001,188 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008/10/15 16:59:17 | 000,312,172 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008/10/15 16:59:17 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008/10/15 16:59:17 | 000,040,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008/10/15 16:59:17 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008/10/15 16:59:17 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008/10/15 16:59:16 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2008/10/15 16:59:16 | 000,004,628 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2008/10/15 16:59:15 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2008/10/15 16:59:14 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008/10/15 16:59:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008/10/15 16:59:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008/10/15 16:59:10 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008/10/15 10:07:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008/10/15 10:06:04 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007/12/21 18:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005/07/22 23:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll ========== LOP Check ========== 
[2008/10/15 19:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2011/11/30 23:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MSI\Application Data\Immunet ========== Purity Check ========== < End of report > (OTL Extras - Also Attached) OTL Extras logfile created on: 12/1/2011 4:38:55 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = D:\drivers Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.20% Memory free 3.84 Gb Paging File | 3.33 Gb Available in Paging File | 86.68% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 39.07 Gb Total Space | 27.67 Gb Free Space | 70.84% Space Free | Partition Type: NTFS Drive D: | 106.07 Gb Total Space | 73.20 Gb Free Space | 69.01% Space Free | Partition Type: NTFS Computer Name: YOUR-0D10610B06 | User Name: MSI | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network 
Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{2FC1B3A7-9BD2-48B2-B05E-43243C72FFB7}" = Process Blocker "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{59D4C823-ABAC-4E3D-B624-C3678B873227}" = BitDefender TrafficLight "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AE395DB-6BC3-4CA9-B894-351CB8DE915A}" = BurnRecovery "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 "{A6EE99EA-420C-4FA6-8A7C-FDB60D278855}" = VS10RuntimeWin32 "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D10CB652-9332-4242-B7A9-2D61570144F7}" = USB 2.0 Card Reader "{D4ADDB2A-EE3C-41A7-88DF-99333DAE18E3}" = Browser Guard v3.0 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "4E1F54FAB25DB3EE9094949BF3DFDCF6E1CF07E6" = Windows Driver Package - Realtek (rtl8187Se) Net (07/10/2008 5.9067.0710.2008) "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "BitDefender TrafficLight" = BitDefender TrafficLight "CCleaner" = CCleaner "E0E22E828DBDB1F29F3D91CF328727F39AF8062B" = Windows Driver Package - Atheros (AR5416) Net (04/08/2008 7.6.0.200) "E920DD3E0FC6CCFF23A10B3AF7C6DC99BA39648C" = Windows Driver Package - Ralink Technology, Corp. 
(RT80x86) Net (05/19/2008 1.01.03.0000) "HDMI" = Intel® Graphics Media Accelerator Driver "Immunet Protect" = Immunet 3.0 "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE "PROHYBRIDR" = 2007 Microsoft Office system "VLC media player" = VLC media player 1.1.11 "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ System Events ] Error - 12/1/2011 5:29:46 PM | Computer Name = YOUR-0D10610B06 | Source = DCOM | ID = 10010 Description = The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. Error - 12/1/2011 5:31:46 PM | Computer Name = YOUR-0D10610B06 | Source = DCOM | ID = 10010 Description = The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. Error - 12/1/2011 5:33:47 PM | Computer Name = YOUR-0D10610B06 | Source = DCOM | ID = 10010 Description = The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. Error - 12/1/2011 5:34:18 PM | Computer Name = YOUR-0D10610B06 | Source = DCOM | ID = 10010 Description = The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. Error - 12/1/2011 5:36:18 PM | Computer Name = YOUR-0D10610B06 | Source = DCOM | ID = 10010 Description = The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. Error - 12/1/2011 5:38:18 PM | Computer Name = YOUR-0D10610B06 | Source = DCOM | ID = 10010 Description = The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. 
Error - 12/1/2011 5:38:49 PM | Computer Name = YOUR-0D10610B06 | Source = DCOM | ID = 10010 Description = The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. Error - 12/1/2011 5:40:49 PM | Computer Name = YOUR-0D10610B06 | Source = DCOM | ID = 10010 Description = The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. Error - 12/1/2011 5:42:49 PM | Computer Name = YOUR-0D10610B06 | Source = DCOM | ID = 10010 Description = The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. Error - 12/1/2011 5:43:20 PM | Computer Name = YOUR-0D10610B06 | Source = DCOM | ID = 10010 Description = The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. < End of report > aswMBR.exe - could not get the file open OTL.Txt Extras.Txt
  7. First off, hello! I am grateful you are taking the time to look into this, as I've spent over 3 days trying to figure this out to no avail.

Background: I was on a tv-links webpage trying to watch a show on megavideo through the Firefox browser, when fake AV security software was installed on my computer. I got rid of it; however, my system has been slow ever since. So I did the following:

Windows XP, SP3. MSI WIND netbook computer.
Scanned with Malwarebytes, nothing.
Scanned with AVG, nothing.
Scanned with Microsoft Security Essentials, nothing.
Scanned with Avast, nothing.

Randomly my task manager says a process called "IEXPLORE.EXE" takes up my CPU and memory like no other. When I end the task, everything resumes, but it comes back within a few minutes. I am currently using "process blocker" to stop this; however, I still get redirects on webpages randomly. I did a format recovery of the OS three times, yet the problem is recurring.

Below is my HijackThis log. I would be grateful if someone could give me some pointers as to how to protect myself from another browser attack, that is, stop random software from being installed on my computer.
Thanks again,
-ZabijeCie

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:24:42 PM, on 11/30/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Trend Micro\Browser Guard\BGUI.exe
C:\Program Files\Trend Micro\Browser Guard\tmiegsrv.exe
C:\Program Files\Process Blocker\Process Blocker.exe
C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msi.com.tw/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEGBH0 - {9F3209E2-334B-41E9-B09C-703F398742E7} - (no file)
O2 - BHO: TMIEGBHO - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files\Trend Micro\Browser Guard\TMAMS.dll
O3 - Toolbar: TMBGBAR TOOLBAR - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files\Trend Micro\Browser Guard\tmieg.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Trend Micro Browser Guard] "C:\Program Files\Trend Micro\Browser Guard\BGUI.EXE"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\MSI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O17 - HKLM\System\CCS\Services\Tcpip\..\{1353CF70-D9D9-4350-A8C6-894E03FA5623}: NameServer = 209.18.47.61,209.18.47.62
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: Process Blocker - Softros Systems, Inc. - C:\Program Files\Process Blocker\Process Blocker.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 4687 bytes

hijackthis.log