View Full Version : Search Result Links Hijacked
After I perform a Google search in Internet Explorer the resulting links redirect me to "search" sites "infomash", "happili", and "jazinga".
Running Spybot results in "CoolwwwSearch.OleHelp". It seems to fix it, but the problem recurrs after a restart.
CA Security Center scan revealed "Trojan.Win32.Startpage.my". It removes it but recurrs as well after restart.
I have even tried to remove it in safe mode.
My son feels it might have been included in one of his Neverwinter Nights modding content.
Thank you for your help!
DDS (Ver_10-11-05.01) - NTFSx86
Run by Owner at 20:24:40.21 on Sat 11/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1311 [GMT -4:00]
AV: CA Anti-Virus Plus *On-access scanning disabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
FW: CA Personal Firewall *enabled* {38102F93-1B6E-4922-90E1-A35D8DC6DAA3}
============== Running Processes ===============
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\shell.exe
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
"C:\Documents and Settings\Owner\Application Data\Microsoft\svchost.exe"
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\dwm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
C:\Program Files\Elantech\ktp.exe
C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.velocitymicro.com/warrantysignup
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = ddo.com;turbine.com;12.130.63;206
uWinlogon: Shell=explorer.exe,c:\documents and settings\owner\application data\microsoft\windows\shell.exe
uWindows: Load=c:\docume~1\owner\locals~1\temp\dwm.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [Nero PhotoShow Media Manager] c:\progra~1\nero\neroph~1\data\xtras\mssysmgr.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [gStart] c:\garmin\gStart.exe
mRun: [RTHDCPL] "c:\windows\RTHDCPL.EXE"
mRun: [Alcmtr] "c:\windows\ALCMTR.EXE"
mRun: [AzMixerSel] "c:\program files\realtek\installshield\AzMixerSel.exe"
mRun: [tsnp2std] "c:\windows\system32\tsnp2std.exe"
mRun: [snp2std] "c:\windows\vsnp2std.exe"
mRun: [OmniPass] "c:\program files\softex\omnipass\scureapp.exe"
mRun: [AGRSMMSG] "c:\windows\AGRSMMSG.exe"
mRun: [Sidewalker] "c:\program files\compal electronics, inc\sidewalker\CSWalker.exe"
mRun: [Smart Watch Dog] -c:\program files\compal electronics, inc\smart watchdog\SmartWD.exe
mRun: [KTPWare] "c:\program files\elantech\ktp.exe"
mRun: [CASS] "c:\program files\compal electronics, inc\wireless select switch\Wireless Select Switch.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [NeroFilterCheck] "c:\windows\system32\NeroCheck.exe"
mRun: [InCD] "c:\program files\ahead\incd\InCD.exe"
mRun: [HPDJ Taskbar Utility] "c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [svchost] c:\documents and settings\owner\application data\microsoft\svchost.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\datavi~1.lnk - c:\program files\common files\dataviz\DvzIncMsgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\microt~1.lnk - c:\program files\microtek\scanwizard 5\ScannerFinder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178653213140
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180714239625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://webvpn.uhmc.sunysb.edu/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://webvpn.uhmc.sunysb.edu/dana-cached/sc/JuniperSetupClient.cab
Notify: IfxWlxEN - IfxWlxEN.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: UmxSbxExw.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2010-9-17 135248]
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2010-5-3 108112]
R1 CPEb;CPEb;c:\windows\system32\drivers\CPEb.sys [2006-2-23 8192]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2010-3-22 79864]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2010-9-24 61008]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2010-9-24 115792]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-11-29 36768]
R2 CAAMSvc;CAAMSvc;c:\program files\ca\ca internet security suite\ca anti-virus plus\CAAMSvc.exe [2010-10-29 206152]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2010-9-18 212992]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2010-9-18 206160]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2010-9-24 146000]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2010-9-24 61008]
R2 Smart Watchdog;Smart Watchdog Service;c:\program files\compal electronics, inc\smart watchdog\SWDsvc.exe [2006-3-24 106496]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-5-12 1174152]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-8-4 887288]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2010-8-24 740160]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2010-9-17 301648]
R2 WinExtManager;WinSock Extention Manager;c:\windows\system32\mdmcls32.exe [2010-9-18 2347760]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2010-9-18 1377008]
R3 CamFilter;CamFilter;c:\windows\system32\drivers\CamFilter.sys [2006-9-12 15872]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-9-12 36352]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2010-6-9 244304]
S3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\displaylinkmirrorport.sys --> c:\windows\system32\drivers\DisplayLinkmirrorport.sys [?]
S3 KmxAMVet;KmxAMVet;c:\windows\system32\drivers\KmxAMVet.sys [2009-3-27 598656]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2004-12-10 30336]
=============== Created Last 30 ================
2010-11-06 21:32:24 102912 ----a-w- c:\docume~1\owner\applic~1\microsoft\svchost.exe
2010-10-30 20:15:30 113152 ----a-w- c:\docume~1\owner\applic~1\microsoft\windows\shell.exe
2010-10-30 01:01:22 -------- d-----w- c:\windows\Y6EMU2AIPX4BJQY5
2010-10-30 01:01:22 -------- d-----w- c:\windows\U2AIQY5DLT08GOV3
2010-10-30 01:01:22 -------- d-----w- c:\windows\T19HOW3BJRZ7FMU2
2010-10-30 01:01:22 -------- d-----w- c:\windows\R08GOW4CJRZ6EMT1
2010-10-30 01:01:22 -------- d-----w- c:\windows\QY5DLS08FNV3BIQX
2010-10-30 01:01:22 -------- d-----w- c:\windows\ENV3BJRZ7EMT18GN
2010-10-30 01:01:21 -------- d-----w- c:\windows\X5DLS08GOV3BJQY6
2010-10-30 01:01:21 -------- d-----w- c:\windows\W5DLT18GOV3BIPW4
2010-10-30 01:01:21 -------- d-----w- c:\windows\8GNV3AIQX5DKS07F
2010-10-30 01:01:21 -------- d-----w- c:\windows\5DLT08GNV2AHPW4C
2010-10-30 00:37:00 -------- d-----w- c:\docume~1\owner\applic~1\.minecraft
2010-10-30 00:29:29 -------- d-----w- c:\windows\U2AIPX5CKSZ7ELT1
2010-10-30 00:29:29 -------- d-----w- c:\windows\OX4BJRZ6EMT19HOW
2010-10-30 00:29:29 -------- d-----w- c:\windows\MU29HPX5CKRZ7ELT
2010-10-23 13:10:06 -------- d-----w- c:\docume~1\owner\applic~1\Turbine
2010-10-23 12:59:16 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Turbine
2010-10-23 12:42:08 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-10-23 12:42:04 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-10-23 12:41:41 -------- d-----w- c:\windows\Logs
2010-10-23 12:28:53 -------- d-----w- c:\program files\Turbine
2010-10-22 20:30:45 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\PMB Files
2010-10-22 20:30:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\PMB Files
2010-10-22 20:18:49 -------- d-----w- c:\program files\Pando Networks
2010-10-13 17:36:44 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 17:36:44 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 17:36:29 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
==================== Find3M ====================
2010-10-30 00:25:35 1054032 ----a-w- c:\windows\system32\cfgmig32.dll
2010-10-30 00:25:28 95568 ----a-w- c:\windows\system32\vetredir.dll
2010-10-30 00:25:28 128336 ----a-w- c:\windows\system32\isafeif.dll
2010-09-24 15:16:18 272976 ----a-w- c:\windows\system32\UmxSbxw.dll
2010-09-24 15:16:18 113232 ----a-w- c:\windows\system32\UmxSbxExw.dll
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 12:37:00 7 ----a-w- c:\windows\system32\mkghj.dll
2010-09-18 12:30:44 5845744 ----a-w- c:\windows\system32\win32cpr.dll
2010-09-18 12:30:42 1872624 ----a-w- c:\windows\system32\winsflt.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 08:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 06:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2008-08-14 16:51:30 3306678 ----a-w- c:\program files\pebuilder3110a.exe
============= FINISH: 20:26:01.45 ===============
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Sorry for the delay but we get kind of busy on this forum and sometime we cant get to logs as fast as we would like to.
Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
ken545,
Thank you for your help.
After running TFC I recived the following message on restart:
Windows cannot find 'C:\DOCUME~1\Owner\LOCAL~1\Temp\dwm.exe' make sure you type the name correctly....etc
Ater clicking ok recieved:
Could not load or run 'as above" make sure the file exists on your computer or remove the reference to it in the registry
Link 2 for Combofix was redirected! Link 1 only downloaded about 373K. Copied from another computer. Despite being "snoozed" my antivirus from CA kept blocking Combofix so I had to uninstall it.
Here's the log:
ComboFix 10-11-12.06 - Owner 11/13/2010 17:20:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1440 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Application Data\Microsoft\stor.cfg
c:\documents and settings\Owner\Application Data\Microsoft\svchost.exe
c:\documents and settings\Owner\Application Data\Microsoft\Windows\shell.exe
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\drivers\npf.sys
c:\windows\system32\mkghj.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\zip32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2010-10-13 to 2010-11-13 )))))))))))))))))))))))))))))))
.
2010-11-07 00:14 . 2010-11-07 00:14 -------- d-----w- c:\program files\ERUNT
2010-11-06 14:34 . 2010-11-06 14:34 -------- d-----w- c:\documents and settings\Administrator
2010-10-30 01:01 . 2010-10-30 01:01 -------- d-----w- c:\windows\Y6EMU2AIPX4BJQY5
2010-10-30 01:01 . 2010-10-30 01:01 -------- d-----w- c:\windows\U2AIQY5DLT08GOV3
2010-10-30 01:01 . 2010-10-30 01:01 -------- d-----w- c:\windows\T19HOW3BJRZ7FMU2
2010-10-30 01:01 . 2010-10-30 01:01 -------- d-----w- c:\windows\R08GOW4CJRZ6EMT1
2010-10-30 01:01 . 2010-10-30 01:01 -------- d-----w- c:\windows\QY5DLS08FNV3BIQX
2010-10-30 01:01 . 2010-10-30 01:01 -------- d-----w- c:\windows\ENV3BJRZ7EMT18GN
2010-10-30 01:01 . 2010-10-30 01:01 -------- d-----w- c:\windows\X5DLS08GOV3BJQY6
2010-10-30 01:01 . 2010-10-30 01:01 -------- d-----w- c:\windows\W5DLT18GOV3BIPW4
2010-10-30 01:01 . 2010-10-30 01:01 -------- d-----w- c:\windows\8GNV3AIQX5DKS07F
2010-10-30 01:01 . 2010-10-30 01:01 -------- d-----w- c:\windows\5DLT08GNV2AHPW4C
2010-10-30 00:37 . 2010-10-30 00:37 -------- d-----w- c:\documents and settings\Owner\Application Data\.minecraft
2010-10-30 00:29 . 2010-10-30 00:29 -------- d-----w- c:\windows\U2AIPX5CKSZ7ELT1
2010-10-30 00:29 . 2010-10-30 00:29 -------- d-----w- c:\windows\OX4BJRZ6EMT19HOW
2010-10-30 00:29 . 2010-10-30 00:29 -------- d-----w- c:\windows\MU29HPX5CKRZ7ELT
2010-10-23 13:10 . 2010-10-23 13:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Turbine
2010-10-23 12:59 . 2010-10-23 13:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Turbine
2010-10-23 12:42 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-10-23 12:42 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-10-23 12:41 . 2010-10-23 12:41 -------- d-----w- c:\windows\Logs
2010-10-23 12:28 . 2010-10-23 12:28 -------- d-----w- c:\program files\Turbine
2010-10-22 20:30 . 2010-10-24 05:04 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PMB Files
2010-10-22 20:30 . 2010-10-22 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-10-22 20:18 . 2010-10-22 20:18 -------- d-----w- c:\program files\Pando Networks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-30 00:25 . 2010-09-18 12:31 95568 ----a-w- c:\windows\system32\vetredir.dll
2010-10-30 00:25 . 2010-09-18 12:31 128336 ----a-w- c:\windows\system32\isafeif.dll
2010-09-18 16:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 08:50 . 2010-05-05 14:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 06:29 . 2007-07-10 19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-17 14:39 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2008-08-14 16:51 . 2008-08-14 16:51 3306678 ----a-w- c:\program files\pebuilder3110a.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nero PhotoShow Media Manager"="c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2005-11-18 249856]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidewalker"="c:\program files\Compal Electronics" [X]
"Smart Watch Dog"="-c:\program files\Compal Electronics" [X]
"CASS"="c:\program files\Compal Electronics" [X]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2006-04-17 16143872]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"tsnp2std"="c:\windows\system32\tsnp2std.exe" [2006-03-31 126976]
"snp2std"="c:\windows\vsnp2std.exe" [2005-10-20 339968]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2006-04-19 2084864]
"AGRSMMSG"="c:\windows\AGRSMMSG.exe" [2005-12-12 88204]
"KTPWare"="c:\program files\Elantech\ktp.exe" [2006-03-27 512000]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-25 1397760]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-14 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-07 8462336]
"nwiz"="nwiz.exe" [2007-08-07 1626112]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-05-10 906656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2007-6-4 28672]
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Microtek Scanner Finder.lnk - c:\program files\Microtek\ScanWizard 5\ScannerFinder.exe [2010-10-2 344064]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-3-4 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2005-11-29 09:43 393216 ----a-w- c:\windows\system32\IfxWlxEN.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-04-19 16:08 49152 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enUS-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"58810:TCP"= 58810:TCP:Pando Media Booster
"58810:UDP"= 58810:UDP:Pando Media Booster
R1 CPEb;CPEb;c:\windows\system32\drivers\CPEb.sys [2/23/2006 5:21 PM 8192]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [11/29/2005 5:50 AM 36768]
R2 Smart Watchdog;Smart Watchdog Service;c:\program files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe [3/24/2006 10:15 AM 106496]
R3 CamFilter;CamFilter;c:\windows\system32\drivers\CamFilter.sys [9/12/2006 3:04 PM 15872]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [9/12/2006 2:42 PM 36352]
S3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\DRIVERS\DisplayLinkmirrorport.sys --> c:\windows\system32\DRIVERS\DisplayLinkmirrorport.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.velocitymicro.com/warrantysignup
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = ddo.com;turbine.com;12.130.63;206
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://webvpn.uhmc.sunysb.edu/dana-cached/sc/JuniperSetupClient.cab
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{0123B506-0AD9-43AA-B0CF-916C122AD4C5} - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-13 17:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-4116701101-774389-4000467072-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:93,2b,73,b5,a2,e2,e8,06,e5,13,27,e6,3b,90,37,c2,fa,ef,21,22,93,82,5f,
4a,e7,a7,65,23,71,c4,f3,9c,d7,5d,09,73,f8,53,a8,bd,16,ef,4d,b9,19,b6,34,c1,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
[HKEY_USERS\S-1-5-21-4116701101-774389-4000467072-1003\Software\SecuROM\License information*]
"datasecu"=hex:e0,b9,74,d6,19,07,1d,9d,26,b0,0a,1d,46,d2,22,bf,b1,85,b8,62,01,
00,04,ad,b3,30,06,09,1b,ec,08,d8,3c,d3,9d,0a,a6,84,e7,ae,aa,82,09,d2,4c,84,\
"rkeysecu"=hex:cf,a5,92,f0,14,dc,1b,09,ed,27,f7,83,97,20,62,78
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1276)
c:\program files\Softex\OmniPass\opxpgina.dll
c:\windows\system32\IfxWlxEN.dll
- - - - - - - > 'explorer.exe'(3032)
c:\windows\system32\WININET.dll
c:\program files\Softex\OmniPass\SCUREDLL.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\IFXSPMGT.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Softex\OmniPass\Omniserv.exe
c:\program files\Infineon\Security Platform Software\PSDsrvc.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wwSecure.exe
c:\program files\Softex\OmniPass\OPXPApp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Infineon\Security Platform Software\PSDrt.exe
c:\program files\Infineon\Security Platform Software\SpTna.exe
c:\program files\Compal Electronics, INC\Sidewalker\CSWalker.exe
c:\program files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-11-13 17:31:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-13 22:31
Pre-Run: 21,165,776,896 bytes free
Post-Run: 21,190,553,600 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
- - End Of File - - 19C07067E290F56DCC162A4A574D8176
Thank you again,
Ted B.
Hello Ted,
That file thats giving you the error is a virus, we can deal with that in a bit.
Your Combofix log takes a while to research so in the meantime run this program and post the log.
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
Then run this scan and post the log please
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
ken545,
Here is the Malwarebytes and OTL logs.
Thanks again.
Ted B.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5110
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
11/13/2010 6:33:52 PM
mbam-log-2010-11-13 (18-33-52).txt
Scan type: Quick scan
Objects scanned: 149365
Time elapsed: 5 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
OTL logfile created on: 11/13/2010 6:39:30 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 19.84 Gb Free Space | 21.30% Space Free | Partition Type: NTFS
Computer Name: L80X | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
PRC - C:\Garmin\gStart.exe (GARMIN Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
PRC - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Softex\OmniPass\OPXPApp.exe ()
PRC - C:\Program Files\Softex\OmniPass\scureapp.exe ()
PRC - C:\Program Files\Softex\OmniPass\OmniServ.exe (Softex Inc.)
PRC - C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe ()
PRC - C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe ()
PRC - C:\WINDOWS\system32\tsnp2std.exe ()
PRC - C:\Program Files\Elantech\Ktp.exe (ELANTECH Devices Corp.)
PRC - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
PRC - C:\Program Files\Infineon\Security Platform Software\SpTNA.exe (Infineon Technologies AG)
PRC - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE (Infineon Technologies AG)
PRC - C:\Program Files\Infineon\Security Platform Software\PSDrt.exe (Infineon Technologies AG)
PRC - C:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
PRC - C:\WINDOWS\vsnp2std.exe (Sonix)
PRC - C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\WINDOWS\system32\wwSecure.exe (Webroot Software, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Softex\OmniPass\scuredll.dll ()
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Sony SCSI Helper Service) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (omniserv) -- C:\Program Files\Softex\OmniPass\OmniServ.exe (Softex Inc.)
SRV - (Smart Watchdog) -- C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe ()
SRV - (PersonalSecureDriveService) -- C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE (Infineon Technologies AG)
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (wwSecSvc) -- C:\WINDOWS\system32\wwSecure.exe (Webroot Software, Inc.)
========== Driver Services (SafeList) ==========
DRV - (DisplayLinkmirror) -- C:\WINDOWS\System32\DRIVERS\DisplayLinkmirrorport.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CamFilter) -- C:\WINDOWS\system32\drivers\CamFilter.sys (Compal Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (NETw3x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (Ktp) -- C:\WINDOWS\system32\drivers\Ktp.sys (ELANTECH Devices Corp.)
DRV - (CPEb) -- C:\WINDOWS\system32\drivers\CPEb.sys (Compal)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (PersonalSecureDrive) -- C:\WINDOWS\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\WINDOWS\system32\drivers\snp2sxp.sys ()
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys (AuthenTec, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ddo.com;turbine.com;12.130.63;206
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
O1 HOSTS File: ([2010/11/13 17:27:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Sidewalker] C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe ()
O4 - HKLM..\Run: [Smart Watch Dog] C:\Program Files\Compal Electronics, INC\Smart Watchdog\SmartWD.exe ()
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\System32\tsnp2std.exe ()
O4 - HKCU..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [Nero PhotoShow Media Manager] C:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178653213140 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180714239625 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://webvpn.uhmc.sunysb.edu/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://webvpn.uhmc.sunysb.edu/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IfxWlxEN: DllName - IfxWlxEN.dll - C:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/12 14:00:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/13 18:37:04 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/13 18:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/11/13 18:27:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/13 18:27:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/13 18:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/13 18:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/13 18:26:27 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2010/11/13 17:18:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/13 17:16:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/13 17:16:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/13 17:16:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/13 17:16:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/13 17:12:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/13 16:50:23 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/11/06 19:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/11/06 19:15:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/06 19:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/06 19:12:31 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2010/11/02 16:12:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/02 16:12:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/02 16:12:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Y6EMU2AIPX4BJQY5
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\U2AIQY5DLT08GOV3
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\T19HOW3BJRZ7FMU2
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\R08GOW4CJRZ6EMT1
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\QY5DLS08FNV3BIQX
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ENV3BJRZ7EMT18GN
[2010/10/29 20:01:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\X5DLS08GOV3BJQY6
[2010/10/29 20:01:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\W5DLT18GOV3BIPW4
[2010/10/29 20:01:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\8GNV3AIQX5DKS07F
[2010/10/29 20:01:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\5DLT08GNV2AHPW4C
[2010/10/29 19:37:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2010/10/29 19:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\U2AIPX5CKSZ7ELT1
[2010/10/29 19:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\OX4BJRZ6EMT19HOW
[2010/10/29 19:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\MU29HPX5CKRZ7ELT
[2010/10/23 08:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2010/10/23 08:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Dungeons and Dragons Online
[2010/10/23 08:10:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Turbine
[2010/10/23 07:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Turbine
[2010/10/23 07:42:08 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/10/23 07:42:04 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010/10/23 07:41:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/10/23 07:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Turbine
[2010/10/22 15:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PMB Files
[2010/10/22 15:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/10/22 15:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2008/08/14 11:51:23 | 003,306,678 | ---- | C] (Bart Lagerweij ) -- C:\Program Files\pebuilder3110a.exe
[2006/09/12 15:00:33 | 000,122,880 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2006/09/12 15:00:33 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/11/13 18:37:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/13 18:27:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/13 18:26:34 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2010/11/13 18:05:06 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/11/13 18:04:41 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/13 18:04:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/13 17:27:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/13 17:25:54 | 000,244,348 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2010/11/13 17:18:38 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2010/11/13 17:05:48 | 003,909,080 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/11/13 16:50:24 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/11/10 17:14:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/08 19:42:07 | 000,000,245 | ---- | M] () -- C:\Boot.bak
[2010/11/08 18:52:53 | 027,222,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Money.mny
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/07 04:38:46 | 000,441,802 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 04:38:46 | 000,071,698 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/06 21:47:13 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Malware Removal - Safer-Networking Forums.url
[2010/11/06 19:29:28 | 000,005,624 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2010/11/06 19:17:56 | 000,629,248 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.com
[2010/11/06 19:14:05 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/11/06 19:13:29 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2010/11/06 18:42:40 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\safer networking.doc
[2010/11/01 10:07:36 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/11/01 10:07:34 | 000,000,057 | ---- | M] () -- C:\WINDOWS\WinInit.Ini
[2010/10/31 21:31:02 | 000,179,200 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\- Getting Started Tips -.doc
[2010/10/31 15:57:59 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Citrix.url
[2010/10/29 19:25:28 | 000,128,336 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\isafeif.dll
[2010/10/29 19:25:28 | 000,095,568 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\vetredir.dll
[2010/10/23 07:59:28 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/10/23 07:41:38 | 000,001,716 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DDO Unlimited.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/11/13 18:27:40 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/13 17:18:38 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2010/11/13 17:18:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/13 17:16:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/13 17:16:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/13 17:16:59 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/13 17:16:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/13 17:16:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/13 17:06:56 | 003,909,080 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/11/06 21:47:13 | 000,000,265 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Malware Removal - Safer-Networking Forums.url
[2010/11/06 19:29:28 | 000,005,624 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2010/11/06 19:17:55 | 000,629,248 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.com
[2010/11/06 19:14:05 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/11/06 18:42:39 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\safer networking.doc
[2010/11/01 10:07:34 | 000,000,057 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2010/10/23 07:59:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/10/23 07:41:38 | 000,001,716 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DDO Unlimited.lnk
[2010/10/02 07:51:12 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2010/10/02 07:40:37 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2010/10/02 07:40:29 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2010/10/02 07:40:29 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/22 20:01:44 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/29 00:16:06 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/29 00:16:05 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/29 00:16:05 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/29 00:16:05 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/08/14 23:39:50 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/02/15 06:32:59 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/02/15 06:32:57 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/01/12 13:58:57 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/03 09:10:51 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/11/26 17:06:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/04 07:42:11 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/22 15:45:34 | 000,012,995 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft Excel.CAL
[2007/08/20 12:16:03 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DcmLtbox.ini
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/10 06:44:07 | 000,000,805 | ---- | C] () -- C:\WINDOWS\Common.ini
[2007/06/10 06:42:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PRTSERV.dll
[2007/06/01 10:53:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/03 16:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/04/03 16:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/09/13 07:51:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/13 06:37:46 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/09/13 06:35:14 | 000,000,639 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/09/12 15:01:23 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2006/09/12 15:00:35 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2006/09/12 15:00:34 | 010,446,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2006/09/12 14:57:57 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/12 09:44:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/04 08:31:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CPEbLib.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2010/11/13 17:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2007/06/04 18:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2009/01/04 13:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2007/06/04 18:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2006/09/12 15:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2010/10/27 09:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/01/15 22:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2008/01/16 07:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Marlin
[2010/10/22 15:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/07/16 21:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/06 09:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/21 19:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/29 19:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2009/01/04 13:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
[2009/03/31 21:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2007/06/04 18:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HotSync
[2008/03/09 15:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2006/09/12 15:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Infineon
[2010/10/27 10:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Juniper Networks
[2007/06/04 18:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2006/09/12 15:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simple Star
[2010/10/23 08:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Turbine
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Yampa.exe:SummaryInformation
< End of report >
OTL logfile created on: 11/13/2010 6:39:30 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 19.84 Gb Free Space | 21.30% Space Free | Partition Type: NTFS
Computer Name: L80X | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
PRC - C:\Garmin\gStart.exe (GARMIN Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
PRC - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Softex\OmniPass\OPXPApp.exe ()
PRC - C:\Program Files\Softex\OmniPass\scureapp.exe ()
PRC - C:\Program Files\Softex\OmniPass\OmniServ.exe (Softex Inc.)
PRC - C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe ()
PRC - C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe ()
PRC - C:\WINDOWS\system32\tsnp2std.exe ()
PRC - C:\Program Files\Elantech\Ktp.exe (ELANTECH Devices Corp.)
PRC - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
PRC - C:\Program Files\Infineon\Security Platform Software\SpTNA.exe (Infineon Technologies AG)
PRC - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE (Infineon Technologies AG)
PRC - C:\Program Files\Infineon\Security Platform Software\PSDrt.exe (Infineon Technologies AG)
PRC - C:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
PRC - C:\WINDOWS\vsnp2std.exe (Sonix)
PRC - C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\WINDOWS\system32\wwSecure.exe (Webroot Software, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Softex\OmniPass\scuredll.dll ()
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Sony SCSI Helper Service) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (omniserv) -- C:\Program Files\Softex\OmniPass\OmniServ.exe (Softex Inc.)
SRV - (Smart Watchdog) -- C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe ()
SRV - (PersonalSecureDriveService) -- C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE (Infineon Technologies AG)
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (wwSecSvc) -- C:\WINDOWS\system32\wwSecure.exe (Webroot Software, Inc.)
========== Driver Services (SafeList) ==========
DRV - (DisplayLinkmirror) -- C:\WINDOWS\System32\DRIVERS\DisplayLinkmirrorport.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CamFilter) -- C:\WINDOWS\system32\drivers\CamFilter.sys (Compal Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (NETw3x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (Ktp) -- C:\WINDOWS\system32\drivers\Ktp.sys (ELANTECH Devices Corp.)
DRV - (CPEb) -- C:\WINDOWS\system32\drivers\CPEb.sys (Compal)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (PersonalSecureDrive) -- C:\WINDOWS\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\WINDOWS\system32\drivers\snp2sxp.sys ()
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys (AuthenTec, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ddo.com;turbine.com;12.130.63;206
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
O1 HOSTS File: ([2010/11/13 17:27:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Sidewalker] C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe ()
O4 - HKLM..\Run: [Smart Watch Dog] C:\Program Files\Compal Electronics, INC\Smart Watchdog\SmartWD.exe ()
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\System32\tsnp2std.exe ()
O4 - HKCU..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [Nero PhotoShow Media Manager] C:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178653213140 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180714239625 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://webvpn.uhmc.sunysb.edu/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://webvpn.uhmc.sunysb.edu/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IfxWlxEN: DllName - IfxWlxEN.dll - C:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/12 14:00:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/13 18:37:04 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/13 18:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/11/13 18:27:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/13 18:27:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/13 18:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/13 18:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/13 18:26:27 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2010/11/13 17:18:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/13 17:16:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/13 17:16:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/13 17:16:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/13 17:16:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/13 17:12:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/13 16:50:23 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/11/06 19:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/11/06 19:15:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/06 19:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/06 19:12:31 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2010/11/02 16:12:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/02 16:12:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/02 16:12:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Y6EMU2AIPX4BJQY5
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\U2AIQY5DLT08GOV3
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\T19HOW3BJRZ7FMU2
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\R08GOW4CJRZ6EMT1
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\QY5DLS08FNV3BIQX
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ENV3BJRZ7EMT18GN
[2010/10/29 20:01:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\X5DLS08GOV3BJQY6
[2010/10/29 20:01:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\W5DLT18GOV3BIPW4
[2010/10/29 20:01:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\8GNV3AIQX5DKS07F
[2010/10/29 20:01:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\5DLT08GNV2AHPW4C
[2010/10/29 19:37:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2010/10/29 19:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\U2AIPX5CKSZ7ELT1
[2010/10/29 19:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\OX4BJRZ6EMT19HOW
[2010/10/29 19:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\MU29HPX5CKRZ7ELT
[2010/10/23 08:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2010/10/23 08:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Dungeons and Dragons Online
[2010/10/23 08:10:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Turbine
[2010/10/23 07:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Turbine
[2010/10/23 07:42:08 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/10/23 07:42:04 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010/10/23 07:41:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/10/23 07:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Turbine
[2010/10/22 15:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PMB Files
[2010/10/22 15:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/10/22 15:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2008/08/14 11:51:23 | 003,306,678 | ---- | C] (Bart Lagerweij ) -- C:\Program Files\pebuilder3110a.exe
[2006/09/12 15:00:33 | 000,122,880 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2006/09/12 15:00:33 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/11/13 18:37:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/13 18:27:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/13 18:26:34 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2010/11/13 18:05:06 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/11/13 18:04:41 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/13 18:04:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/13 17:27:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/13 17:25:54 | 000,244,348 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2010/11/13 17:18:38 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2010/11/13 17:05:48 | 003,909,080 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/11/13 16:50:24 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/11/10 17:14:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/08 19:42:07 | 000,000,245 | ---- | M] () -- C:\Boot.bak
[2010/11/08 18:52:53 | 027,222,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Money.mny
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/07 04:38:46 | 000,441,802 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 04:38:46 | 000,071,698 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/06 21:47:13 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Malware Removal - Safer-Networking Forums.url
[2010/11/06 19:29:28 | 000,005,624 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2010/11/06 19:17:56 | 000,629,248 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.com
[2010/11/06 19:14:05 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/11/06 19:13:29 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2010/11/06 18:42:40 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\safer networking.doc
[2010/11/01 10:07:36 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/11/01 10:07:34 | 000,000,057 | ---- | M] () -- C:\WINDOWS\WinInit.Ini
[2010/10/31 21:31:02 | 000,179,200 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\- Getting Started Tips -.doc
[2010/10/31 15:57:59 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Citrix.url
[2010/10/29 19:25:28 | 000,128,336 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\isafeif.dll
[2010/10/29 19:25:28 | 000,095,568 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\vetredir.dll
[2010/10/23 07:59:28 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/10/23 07:41:38 | 000,001,716 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DDO Unlimited.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/11/13 18:27:40 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/13 17:18:38 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2010/11/13 17:18:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/13 17:16:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/13 17:16:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/13 17:16:59 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/13 17:16:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/13 17:16:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/13 17:06:56 | 003,909,080 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/11/06 21:47:13 | 000,000,265 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Malware Removal - Safer-Networking Forums.url
[2010/11/06 19:29:28 | 000,005,624 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2010/11/06 19:17:55 | 000,629,248 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.com
[2010/11/06 19:14:05 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/11/06 18:42:39 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\safer networking.doc
[2010/11/01 10:07:34 | 000,000,057 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2010/10/23 07:59:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/10/23 07:41:38 | 000,001,716 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DDO Unlimited.lnk
[2010/10/02 07:51:12 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2010/10/02 07:40:37 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2010/10/02 07:40:29 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2010/10/02 07:40:29 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/22 20:01:44 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/29 00:16:06 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/29 00:16:05 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/29 00:16:05 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/29 00:16:05 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/08/14 23:39:50 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/02/15 06:32:59 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/02/15 06:32:57 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/01/12 13:58:57 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/03 09:10:51 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/11/26 17:06:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/04 07:42:11 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/22 15:45:34 | 000,012,995 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft Excel.CAL
[2007/08/20 12:16:03 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DcmLtbox.ini
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/10 06:44:07 | 000,000,805 | ---- | C] () -- C:\WINDOWS\Common.ini
[2007/06/10 06:42:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PRTSERV.dll
[2007/06/01 10:53:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/03 16:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/04/03 16:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/09/13 07:51:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/13 06:37:46 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/09/13 06:35:14 | 000,000,639 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/09/12 15:01:23 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2006/09/12 15:00:35 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2006/09/12 15:00:34 | 010,446,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2006/09/12 14:57:57 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/12 09:44:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/04 08:31:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CPEbLib.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2010/11/13 17:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2007/06/04 18:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2009/01/04 13:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2007/06/04 18:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2006/09/12 15:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2010/10/27 09:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/01/15 22:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2008/01/16 07:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Marlin
[2010/10/22 15:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/07/16 21:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/06 09:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/21 19:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/29 19:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2009/01/04 13:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
[2009/03/31 21:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2007/06/04 18:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HotSync
[2008/03/09 15:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2006/09/12 15:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Infineon
[2010/10/27 10:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Juniper Networks
[2007/06/04 18:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2006/09/12 15:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simple Star
[2010/10/23 08:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Turbine
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Yampa.exe:SummaryInformation
< End of report >
Extras to follow
OTL logfile created on: 11/13/2010 6:39:30 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 19.84 Gb Free Space | 21.30% Space Free | Partition Type: NTFS
Computer Name: L80X | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
PRC - C:\Garmin\gStart.exe (GARMIN Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
PRC - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Softex\OmniPass\OPXPApp.exe ()
PRC - C:\Program Files\Softex\OmniPass\scureapp.exe ()
PRC - C:\Program Files\Softex\OmniPass\OmniServ.exe (Softex Inc.)
PRC - C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe ()
PRC - C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe ()
PRC - C:\WINDOWS\system32\tsnp2std.exe ()
PRC - C:\Program Files\Elantech\Ktp.exe (ELANTECH Devices Corp.)
PRC - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
PRC - C:\Program Files\Infineon\Security Platform Software\SpTNA.exe (Infineon Technologies AG)
PRC - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE (Infineon Technologies AG)
PRC - C:\Program Files\Infineon\Security Platform Software\PSDrt.exe (Infineon Technologies AG)
PRC - C:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
PRC - C:\WINDOWS\vsnp2std.exe (Sonix)
PRC - C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\WINDOWS\system32\wwSecure.exe (Webroot Software, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Softex\OmniPass\scuredll.dll ()
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Sony SCSI Helper Service) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (omniserv) -- C:\Program Files\Softex\OmniPass\OmniServ.exe (Softex Inc.)
SRV - (Smart Watchdog) -- C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe ()
SRV - (PersonalSecureDriveService) -- C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE (Infineon Technologies AG)
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (wwSecSvc) -- C:\WINDOWS\system32\wwSecure.exe (Webroot Software, Inc.)
========== Driver Services (SafeList) ==========
DRV - (DisplayLinkmirror) -- C:\WINDOWS\System32\DRIVERS\DisplayLinkmirrorport.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CamFilter) -- C:\WINDOWS\system32\drivers\CamFilter.sys (Compal Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (NETw3x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (Ktp) -- C:\WINDOWS\system32\drivers\Ktp.sys (ELANTECH Devices Corp.)
DRV - (CPEb) -- C:\WINDOWS\system32\drivers\CPEb.sys (Compal)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (PersonalSecureDrive) -- C:\WINDOWS\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\WINDOWS\system32\drivers\snp2sxp.sys ()
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys (AuthenTec, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ddo.com;turbine.com;12.130.63;206
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
O1 HOSTS File: ([2010/11/13 17:27:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Sidewalker] C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe ()
O4 - HKLM..\Run: [Smart Watch Dog] C:\Program Files\Compal Electronics, INC\Smart Watchdog\SmartWD.exe ()
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\System32\tsnp2std.exe ()
O4 - HKCU..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [Nero PhotoShow Media Manager] C:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178653213140 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180714239625 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://webvpn.uhmc.sunysb.edu/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://webvpn.uhmc.sunysb.edu/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IfxWlxEN: DllName - IfxWlxEN.dll - C:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/12 14:00:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/13 18:37:04 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/13 18:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/11/13 18:27:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/13 18:27:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/13 18:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/13 18:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/13 18:26:27 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2010/11/13 17:18:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/13 17:16:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/13 17:16:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/13 17:16:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/13 17:16:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/13 17:12:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/13 16:50:23 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/11/06 19:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/11/06 19:15:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/06 19:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/06 19:12:31 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2010/11/02 16:12:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/02 16:12:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/02 16:12:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Y6EMU2AIPX4BJQY5
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\U2AIQY5DLT08GOV3
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\T19HOW3BJRZ7FMU2
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\R08GOW4CJRZ6EMT1
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\QY5DLS08FNV3BIQX
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ENV3BJRZ7EMT18GN
[2010/10/29 20:01:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\X5DLS08GOV3BJQY6
[2010/10/29 20:01:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\W5DLT18GOV3BIPW4
[2010/10/29 20:01:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\8GNV3AIQX5DKS07F
[2010/10/29 20:01:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\5DLT08GNV2AHPW4C
[2010/10/29 19:37:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2010/10/29 19:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\U2AIPX5CKSZ7ELT1
[2010/10/29 19:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\OX4BJRZ6EMT19HOW
[2010/10/29 19:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\MU29HPX5CKRZ7ELT
[2010/10/23 08:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2010/10/23 08:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Dungeons and Dragons Online
[2010/10/23 08:10:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Turbine
[2010/10/23 07:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Turbine
[2010/10/23 07:42:08 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/10/23 07:42:04 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010/10/23 07:41:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/10/23 07:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Turbine
[2010/10/22 15:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PMB Files
[2010/10/22 15:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/10/22 15:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2008/08/14 11:51:23 | 003,306,678 | ---- | C] (Bart Lagerweij ) -- C:\Program Files\pebuilder3110a.exe
[2006/09/12 15:00:33 | 000,122,880 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2006/09/12 15:00:33 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/11/13 18:37:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/13 18:27:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/13 18:26:34 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2010/11/13 18:05:06 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/11/13 18:04:41 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/13 18:04:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/13 17:27:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/13 17:25:54 | 000,244,348 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2010/11/13 17:18:38 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2010/11/13 17:05:48 | 003,909,080 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/11/13 16:50:24 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/11/10 17:14:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/08 19:42:07 | 000,000,245 | ---- | M] () -- C:\Boot.bak
[2010/11/08 18:52:53 | 027,222,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Money.mny
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/07 04:38:46 | 000,441,802 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 04:38:46 | 000,071,698 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/06 21:47:13 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Malware Removal - Safer-Networking Forums.url
[2010/11/06 19:29:28 | 000,005,624 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2010/11/06 19:17:56 | 000,629,248 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.com
[2010/11/06 19:14:05 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/11/06 19:13:29 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2010/11/06 18:42:40 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\safer networking.doc
[2010/11/01 10:07:36 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/11/01 10:07:34 | 000,000,057 | ---- | M] () -- C:\WINDOWS\WinInit.Ini
[2010/10/31 21:31:02 | 000,179,200 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\- Getting Started Tips -.doc
[2010/10/31 15:57:59 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Citrix.url
[2010/10/29 19:25:28 | 000,128,336 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\isafeif.dll
[2010/10/29 19:25:28 | 000,095,568 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\vetredir.dll
[2010/10/23 07:59:28 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/10/23 07:41:38 | 000,001,716 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DDO Unlimited.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/11/13 18:27:40 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/13 17:18:38 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2010/11/13 17:18:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/13 17:16:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/13 17:16:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/13 17:16:59 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/13 17:16:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/13 17:16:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/13 17:06:56 | 003,909,080 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/11/06 21:47:13 | 000,000,265 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Malware Removal - Safer-Networking Forums.url
[2010/11/06 19:29:28 | 000,005,624 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2010/11/06 19:17:55 | 000,629,248 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.com
[2010/11/06 19:14:05 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/11/06 18:42:39 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\safer networking.doc
[2010/11/01 10:07:34 | 000,000,057 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2010/10/23 07:59:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/10/23 07:41:38 | 000,001,716 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DDO Unlimited.lnk
[2010/10/02 07:51:12 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2010/10/02 07:40:37 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2010/10/02 07:40:29 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2010/10/02 07:40:29 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/22 20:01:44 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/29 00:16:06 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/29 00:16:05 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/29 00:16:05 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/29 00:16:05 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/08/14 23:39:50 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/02/15 06:32:59 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/02/15 06:32:57 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/01/12 13:58:57 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/03 09:10:51 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/11/26 17:06:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/04 07:42:11 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/22 15:45:34 | 000,012,995 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft Excel.CAL
[2007/08/20 12:16:03 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DcmLtbox.ini
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/10 06:44:07 | 000,000,805 | ---- | C] () -- C:\WINDOWS\Common.ini
[2007/06/10 06:42:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PRTSERV.dll
[2007/06/01 10:53:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/03 16:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/04/03 16:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/09/13 07:51:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/13 06:37:46 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/09/13 06:35:14 | 000,000,639 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/09/12 15:01:23 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2006/09/12 15:00:35 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2006/09/12 15:00:34 | 010,446,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2006/09/12 14:57:57 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/12 09:44:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/04 08:31:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CPEbLib.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2010/11/13 17:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2007/06/04 18:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2009/01/04 13:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2007/06/04 18:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2006/09/12 15:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2010/10/27 09:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/01/15 22:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2008/01/16 07:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Marlin
[2010/10/22 15:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/07/16 21:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/06 09:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/21 19:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/29 19:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2009/01/04 13:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
[2009/03/31 21:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2007/06/04 18:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HotSync
[2008/03/09 15:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2006/09/12 15:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Infineon
[2010/10/27 10:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Juniper Networks
[2007/06/04 18:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2006/09/12 15:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simple Star
[2010/10/23 08:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Turbine
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Yampa.exe:SummaryInformation
< End of report >
Hi,
Download and Run SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:dir
C:\WINDOWS\Y6EMU2AIPX4BJQY5
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.Note: to restore your registry, go to the backup folder and start ERDNT.exe
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
:Reg
:Files
:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the results of the log and a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
Ken545,
Here are the systemlook, otl fix, and otl scan logs. On the otl fix the computer froze on the Window is shutting down screen for 10 minutes so I manually powered off and on.
Thank you again for your time and expertise.
Ted B.
SystemLook 04.09.10 by jpshortstuff
Log created at 07:05 on 14/11/2010 by Owner
Administrator - Elevation successful
========== dir ==========
C:\WINDOWS\Y6EMU2AIPX4BJQY5 - Parameters: "(none)"
---Files---
None found.
---Folders---
None found.
-= EOF =-
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Owner
->Temp folder emptied: 1030276 bytes
->Temporary Internet Files folder emptied: 10781452 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 957440 bytes
->Flash cache emptied: 131317 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 60442 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 14.00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.17.3 log created on 11142010_071247
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
OTL logfile created on: 11/14/2010 7:31:49 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 19.81 Gb Free Space | 21.27% Space Free | Partition Type: NTFS
Computer Name: L80X | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Garmin\gStart.exe (GARMIN Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
PRC - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Softex\OmniPass\OPXPApp.exe ()
PRC - C:\Program Files\Softex\OmniPass\scureapp.exe ()
PRC - C:\Program Files\Softex\OmniPass\OmniServ.exe (Softex Inc.)
PRC - C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe ()
PRC - C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe ()
PRC - C:\WINDOWS\system32\tsnp2std.exe ()
PRC - C:\Program Files\Elantech\Ktp.exe (ELANTECH Devices Corp.)
PRC - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
PRC - C:\Program Files\Infineon\Security Platform Software\SpTNA.exe (Infineon Technologies AG)
PRC - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE (Infineon Technologies AG)
PRC - C:\Program Files\Infineon\Security Platform Software\PSDrt.exe (Infineon Technologies AG)
PRC - C:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
PRC - C:\WINDOWS\vsnp2std.exe (Sonix)
PRC - C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\WINDOWS\system32\wwSecure.exe (Webroot Software, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Softex\OmniPass\scuredll.dll ()
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Sony SCSI Helper Service) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (omniserv) -- C:\Program Files\Softex\OmniPass\OmniServ.exe (Softex Inc.)
SRV - (Smart Watchdog) -- C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe ()
SRV - (PersonalSecureDriveService) -- C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE (Infineon Technologies AG)
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (wwSecSvc) -- C:\WINDOWS\system32\wwSecure.exe (Webroot Software, Inc.)
========== Driver Services (SafeList) ==========
DRV - (DisplayLinkmirror) -- C:\WINDOWS\System32\DRIVERS\DisplayLinkmirrorport.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CamFilter) -- C:\WINDOWS\system32\drivers\CamFilter.sys (Compal Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (NETw3x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (Ktp) -- C:\WINDOWS\system32\drivers\Ktp.sys (ELANTECH Devices Corp.)
DRV - (CPEb) -- C:\WINDOWS\system32\drivers\CPEb.sys (Compal)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (PersonalSecureDrive) -- C:\WINDOWS\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\WINDOWS\system32\drivers\snp2sxp.sys ()
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys (AuthenTec, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ddo.com;turbine.com;12.130.63;206
O1 HOSTS File: ([2010/11/14 07:13:03 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Sidewalker] C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe ()
O4 - HKLM..\Run: [Smart Watch Dog] C:\Program Files\Compal Electronics, INC\Smart Watchdog\SmartWD.exe ()
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\System32\tsnp2std.exe ()
O4 - HKCU..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [Nero PhotoShow Media Manager] C:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178653213140 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180714239625 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://webvpn.uhmc.sunysb.edu/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://webvpn.uhmc.sunysb.edu/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IfxWlxEN: DllName - IfxWlxEN.dll - C:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/12 14:00:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/14 07:13:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/14 07:12:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/13 18:37:04 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/13 18:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/11/13 18:27:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/13 18:27:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/13 18:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/13 18:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/13 18:26:27 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2010/11/13 17:18:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/13 17:16:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/13 17:16:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/13 17:16:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/13 17:16:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/13 17:12:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/13 16:50:23 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/11/06 19:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/11/06 19:15:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/06 19:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/06 19:12:31 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2010/11/02 16:12:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/02 16:12:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/02 16:12:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Y6EMU2AIPX4BJQY5
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\U2AIQY5DLT08GOV3
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\T19HOW3BJRZ7FMU2
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\R08GOW4CJRZ6EMT1
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\QY5DLS08FNV3BIQX
[2010/10/29 20:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ENV3BJRZ7EMT18GN
[2010/10/29 20:01:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\X5DLS08GOV3BJQY6
[2010/10/29 20:01:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\W5DLT18GOV3BIPW4
[2010/10/29 20:01:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\8GNV3AIQX5DKS07F
[2010/10/29 20:01:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\5DLT08GNV2AHPW4C
[2010/10/29 19:37:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2010/10/29 19:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\U2AIPX5CKSZ7ELT1
[2010/10/29 19:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\OX4BJRZ6EMT19HOW
[2010/10/29 19:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\MU29HPX5CKRZ7ELT
[2010/10/23 08:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2010/10/23 08:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Dungeons and Dragons Online
[2010/10/23 08:10:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Turbine
[2010/10/23 07:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Turbine
[2010/10/23 07:42:08 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/10/23 07:42:04 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010/10/23 07:41:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/10/23 07:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Turbine
[2010/10/22 15:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PMB Files
[2010/10/22 15:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/10/22 15:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2008/08/14 11:51:23 | 003,306,678 | ---- | C] (Bart Lagerweij ) -- C:\Program Files\pebuilder3110a.exe
[2006/09/12 15:00:33 | 000,122,880 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2006/09/12 15:00:33 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
========== Files - Modified Within 30 Days ==========
[2010/11/14 07:29:17 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/11/14 07:24:40 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/14 07:24:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/14 07:13:03 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/11/14 07:04:08 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SystemLook.exe
[2010/11/13 18:37:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/13 18:27:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/13 18:26:34 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2010/11/13 17:25:54 | 000,244,348 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2010/11/13 17:18:38 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2010/11/13 17:05:48 | 003,909,080 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/11/13 16:50:24 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/11/10 17:14:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/08 19:42:07 | 000,000,245 | ---- | M] () -- C:\Boot.bak
[2010/11/08 18:52:53 | 027,222,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Money.mny
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/07 04:38:46 | 000,441,802 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 04:38:46 | 000,071,698 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/06 21:47:13 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Malware Removal - Safer-Networking Forums.url
[2010/11/06 19:29:28 | 000,005,624 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2010/11/06 19:17:56 | 000,629,248 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.com
[2010/11/06 19:14:05 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/11/06 19:13:29 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2010/11/06 18:42:40 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\safer networking.doc
[2010/11/01 10:07:36 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/11/01 10:07:34 | 000,000,057 | ---- | M] () -- C:\WINDOWS\WinInit.Ini
[2010/10/31 21:31:02 | 000,179,200 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\- Getting Started Tips -.doc
[2010/10/31 15:57:59 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Citrix.url
[2010/10/29 19:25:28 | 000,128,336 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\isafeif.dll
[2010/10/29 19:25:28 | 000,095,568 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\vetredir.dll
[2010/10/23 07:59:28 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/10/23 07:41:38 | 000,001,716 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DDO Unlimited.lnk
========== Files Created - No Company Name ==========
[2010/11/14 07:04:08 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SystemLook.exe
[2010/11/13 18:27:40 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/13 17:18:38 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2010/11/13 17:18:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/13 17:16:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/13 17:16:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/13 17:16:59 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/13 17:16:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/13 17:16:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/13 17:06:56 | 003,909,080 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/11/06 21:47:13 | 000,000,265 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Malware Removal - Safer-Networking Forums.url
[2010/11/06 19:29:28 | 000,005,624 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2010/11/06 19:17:55 | 000,629,248 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.com
[2010/11/06 19:14:05 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/11/06 18:42:39 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\safer networking.doc
[2010/11/01 10:07:34 | 000,000,057 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2010/10/23 07:59:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/10/23 07:41:38 | 000,001,716 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DDO Unlimited.lnk
[2010/10/02 07:51:12 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2010/10/02 07:40:37 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2010/10/02 07:40:29 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2010/10/02 07:40:29 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/22 20:01:44 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/29 00:16:06 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/29 00:16:05 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/29 00:16:05 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/29 00:16:05 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/08/14 23:39:50 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/02/15 06:32:59 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/02/15 06:32:57 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/01/12 13:58:57 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/03 09:10:51 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/11/26 17:06:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/04 07:42:11 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/22 15:45:34 | 000,012,995 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft Excel.CAL
[2007/08/20 12:16:03 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DcmLtbox.ini
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/10 06:44:07 | 000,000,805 | ---- | C] () -- C:\WINDOWS\Common.ini
[2007/06/10 06:42:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PRTSERV.dll
[2007/06/01 10:53:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/03 16:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/04/03 16:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/09/13 07:51:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/13 06:37:46 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/09/13 06:35:14 | 000,000,639 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/09/12 15:01:23 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2006/09/12 15:00:35 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2006/09/12 15:00:34 | 010,446,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2006/09/12 14:57:57 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/12 09:44:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/04 08:31:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CPEbLib.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Yampa.exe:SummaryInformation
< End of report >
Hi,
I am thinking that the directory that System Look did not find may be related to Minecraft as they have been all installed about the same time.
Are you still being redirected ?
Ken545,
I did a few Google searches and clicked on some links and was not redirected.
I ran Spybot and did not get "coolsearch" entry as I had been.
I don't see any listing for Minecraft in the Add/Remove part of the control panel. Maybe it's just a browser based game.
Is there a next step? Should I uninstall the programs I downloaded?
Thank you again.
Ted B.
Hello Ted,
Thats great :bigthumb:
Open OTL and click on the CleanUp Feature and it will remove most of the tools and there backups for programs we have run.
Malwarebytes This is the free version and yours to keep, update it and run a scan once a week or so.
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
Ken545,
I reinstalled my CA Internet Security Suite and did a full scan and no trojans showed up. Even after restarting I don't seem to be getting any redirects.
Thank you very much for giving up time on your weekend and helping out.
Ted B.
Your very welcome Ted,
Take care,
Ken :)
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.