Click.GiftLoad--Cannot Delete



fbfbfb
2011-03-31, 00:52
Click.GiftLoad infected my computer last week and is causing severe problems (excessive slow down, high CPU usage, need to repeatedly restart computer...). Spybot locates the infection and will delete it, but it returns continuously. At the same time, it has affected my external hard drive--had to disconnect it because it forces a blue screen to open bearing the error message 0xC0000005. I am not sure if this is related to Click.GiftLoad but all problems occurred simultaneously. Regardless, I am attaching zip files for the dds.txt, attach.txt, and the Spybot Search Results.

Thank you for your assistance.

fb

--- Search result list ---
Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 17:44:04.42 on Wed 03/30/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.1912 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\Norton Utilities 14\nu.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.google.ca/nwshp?hl=en&tab=wn
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.5.0.125\ips\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [NortonUtilities] "c:\program files\norton utilities 14\nu.exe" /S
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Search - ?s=100000338&p=ZJman000&si=&a=IelGAQlKUhwtN1SVOc0a7A&n=2010043013
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206480799890
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h20264.www2.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\pw3jjnfs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/news
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&q=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\pw3jjnfs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\pw3jjnfs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coFFPlgn
FF - Ext: XULRunner: {5C90D152-03C5-46F8-B353-58F544134553} - c:\documents and settings\owner\local settings\application data\{5C90D152-03C5-46F8-B353-58F544134553}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(general.useragent.extra.zencast, Creative ZENcast v2.00.13
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-8-31 58984]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1205000.07d\symds.sys [2011-1-6 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1205000.07d\symefa.sys [2011-1-6 652336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110309.001\BHDrvx86.sys [2011-3-10 800376]
R1 RapportCerberus_23945;RapportCerberus_23945;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\23945\RapportCerberus_23945.sys [2011-3-14 55224]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-8-31 169064]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1205000.07d\ironx86.sys [2011-1-6 136312]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-7-16 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-7-16 600944]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.5.0.125\ccsvchst.exe [2011-1-6 130000]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-8-31 767208]
R3 busbcrw;USB Card Reader Writer driver;c:\windows\system32\drivers\busbcrw.sys [2008-4-20 16896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-3-12 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110325.002\IDSXpx86.sys [2011-3-14 341944]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110330.003\NAVENG.SYS [2011-3-30 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110330.003\NAVEX15.SYS [2011-3-30 1360760]
R3 SydexFDD;Sydex Diskette Driver;c:\windows\system32\drivers\SYDEXFDD.SYS [2009-9-19 13359]
S2 wntpport;wntpport; [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-5-21 15656]
S4 gupdate1c9ab5deade1160;Google Update Service (gupdate1c9ab5deade1160);c:\program files\google\update\GoogleUpdate.exe [2009-3-22 133104]
S4 LMIRescue;LogMeIn Rescue (11520163-0ed2-4c3a-9f26-eef0e51c86c2);c:\windows\lmi1b.tmp\lmi_rescue.exe [2009-12-22 1738544]
S4 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-3-27 2789672]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-03-30 01:39:43 339968 ----a-w- c:\windows\system32\null0.24477071685619223.exe
2011-03-29 22:59:13 331776 ----a-w- c:\windows\system32\null0.5133397128311065.exe
2011-03-27 02:00:36 0 ----a-w- c:\windows\system32\null0.31704339534450143.exe
2011-03-25 04:14:00 -------- d-sh--w- c:\documents and settings\owner\IECompatCache
2011-03-22 02:01:02 -------- dc-h--w- c:\windows\ie8
2011-03-20 19:31:45 -------- d-----w- c:\program files\GetData
2011-03-20 18:56:08 -------- d-----w- c:\docume~1\owner\applic~1\asoftech
2011-03-20 18:56:06 -------- d-----w- c:\program files\Asoftech
2011-03-15 04:09:58 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\~0
2011-03-15 04:07:49 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\PackageAware
2011-03-13 15:42:25 -------- d-sh--w- c:\documents and settings\owner\PrivacIE
2011-03-13 15:36:18 -------- d-sh--w- c:\documents and settings\owner\IETldCache
2011-03-11 03:36:49 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
2011-03-10 16:31:54 -------- d-----w- c:\docume~1\owner\applic~1\.oit
2011-03-10 16:31:43 -------- d-----w- c:\windows\system32\VIEWERS
2011-03-10 16:31:32 -------- d-----w- c:\program files\common files\InstallShield Shared
2011-03-10 09:58:29 0 ----a-w- c:\windows\Ytatadu.bin
2011-03-10 09:58:25 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\{5C90D152-03C5-46F8-B353-58F544134553}
.
==================== Find3M ====================
.
2011-03-22 19:53:46 1880 ----a-w- c:\windows\AUTOLNCH.REG
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2000-12-12 15:17:40 100432 -c----w- c:\program files\Win2000PPAHotfix.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6Y120M0 rev.YAR51EW0 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-17
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys iomdisk.sys >>UNKNOWN [0x8A90E439]<<
c:\windows\system32\drivers\iomdisk.sys Iomega Corporation Microsoft(R) Windows NT(R) Operating System
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a9147d0]; MOV EAX, [0x8a91484c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A931AB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8A96ED78]
5 iomdisk[0xF7717DAF] -> nt!IofCallDriver[0x804E13B9] -> [0x8A970D98]
\Driver\atapi[0x8A93A160] -> IRP_MJ_CREATE -> 0x8A90E439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskMaxtor_6Y120M0__________________________YAR51EW0#33594c4d43324550202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A90E27F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 17:46:22.70 ===============

ken545
2011-04-01, 03:57


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


You're infected with a Rootkit

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswmbrscan.gif
Click the "Scan" button to start scan


http://i1224.photobucket.com/albums/ee362/Essexboy3/aswmbrsavelog.gif
On completion of the scan click "save log", save it to your desktop and post it in your next reply

fbfbfb
2011-04-01, 05:30
Thank you, Ken. As per your request, I am posting the scan results:

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-03-31 23:24:34
-----------------------------
23:24:34.249 OS Version: Windows 5.1.2600 Service Pack 3
23:24:34.249 Number of processors: 2 586 0x209
23:24:34.249 ComputerName: Owner UserName: Owner
23:24:37.999 Initialize success
23:24:41.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort1
23:24:41.343 Disk 0 Vendor: Maxtor_6Y120M0 YAR51EW0 Size: 114440MB BusType: 3
23:24:41.343 Device \Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskMaxtor_6Y120M0__________________________YAR51EW0#33594c4d43324550202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
23:24:41.343 Device \Driver\atapi -> DriverStartIo 8a91427f
23:24:43.374 Disk 0 MBR read successfully
23:24:43.390 Disk 0 MBR scan
23:24:43.390 Disk 0 TDL4@MBR code has been found
23:24:43.390 Disk 0 MBR hidden
23:24:43.390 Disk 0 MBR [TDL4] **ROOTKIT**
23:24:43.390 Disk 0 trace - called modules:
23:24:43.390 ntoskrnl.exe CLASSPNP.SYS disk.sys iomdisk.sys >>UNKNOWN [0x8a914439]<<
23:24:43.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a94cab8]
23:24:43.390 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> [0x8a959d78]
23:24:43.390 5 iomdisk.sys[f7717daf] -> nt!IofCallDriver -> [0x8a94dd98]
23:24:43.406 \Driver\atapi[0x8a9d08c8] -> IRP_MJ_CREATE -> 0x8a914439
23:24:43.406 Scan finished successfully

ken545
2011-04-01, 12:20
Good Morning

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix Button
http://i1224.photobucket.com/albums/ee362/Essexboy3/aswmbrtdl4.gif



Save the log as before and post in your next reply

fbfbfb
2011-04-02, 18:48
Thank you for your continued support, Ken. Below are the results of the rescan after the fix:

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-02 12:31:39
-----------------------------
12:31:39.093 OS Version: Windows 5.1.2600 Service Pack 3
12:31:39.093 Number of processors: 2 586 0x209
12:31:39.093 ComputerName: Owner UserName: Owner
12:31:42.390 Initialize success
12:31:53.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort1
12:31:53.000 Disk 0 Vendor: Maxtor_6Y120M0 YAR51EW0 Size: 114440MB BusType: 3
12:31:53.000 Device \Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskMaxtor_6Y120M0__________________________YAR51EW0#33594c4d43324550202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
12:31:53.000 Device \Driver\atapi -> DriverStartIo 8a90e27f
12:31:55.000 Disk 0 MBR read successfully
12:31:55.000 Disk 0 MBR scan
12:31:55.000 Disk 0 TDL4@MBR code has been found
12:31:55.000 Disk 0 MBR hidden
12:31:55.000 Disk 0 MBR [TDL4] **ROOTKIT**
12:31:55.015 Disk 0 trace - called modules:
12:31:55.015 ntoskrnl.exe CLASSPNP.SYS disk.sys iomdisk.sys >>UNKNOWN [0x8a90e439]<<
12:31:55.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a96dab8]
12:31:55.015 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> [0x8a931d78]
12:31:55.015 5 iomdisk.sys[f7717daf] -> nt!IofCallDriver -> [0x8a933d98]
12:31:55.015 \Driver\atapi[0x8a96d9c0] -> IRP_MJ_CREATE -> 0x8a90e439
12:31:55.015 Scan finished successfully
12:32:09.812 Disk 0 fixing MBR
12:32:19.812 Disk 0 MBR restored successfully
12:32:19.812 Infection fixed successfully - please reboot ASAP

ken545
2011-04-02, 21:15
Did you click on FIX or FIXMBR? My instructions were to click on FIX

Rerun it again to scan and then click on FIX

fbfbfb
2011-04-03, 01:38
Hi Ken. Yes, I am certain I clicked the FIX button. However, as per your instructions, I have rerun the scan. The fix button is gray and not accessible. The only button I am able to click is the FIXMBR button. I did not click this as I don't know if that is what you want me to do. I am posting my scan results without the click of FIXMBR. Please advise how to proceed. Thank you.

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-02 19:25:31
-----------------------------
19:25:31.890 OS Version: Windows 5.1.2600 Service Pack 3
19:25:31.890 Number of processors: 2 586 0x209
19:25:31.890 ComputerName: Owner UserName: Owner
19:25:33.312 Initialize success
19:26:22.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
19:26:22.625 Disk 0 Vendor: Maxtor_6Y120M0 YAR51EW0 Size: 114440MB BusType: 3
19:26:24.640 Disk 0 MBR read successfully
19:26:24.640 Disk 0 MBR scan
19:26:26.640 Disk 0 scanning sectors +234356220
19:26:26.671 Disk 0 scanning C:\WINDOWS\system32\drivers
19:26:37.343 Service scanning
19:26:38.468 Disk 0 trace - called modules:
19:26:38.484 ntoskrnl.exe CLASSPNP.SYS disk.sys iomdisk.sys atapi.sys hal.dll pciide.sys
19:26:38.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a963ab8]
19:26:38.484 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> [0x8a9b7d78]
19:26:38.484 5 iomdisk.sys[f7717daf] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a977d98]
19:26:38.484 Scan finished successfully

ken545
2011-04-03, 01:43
Good, running FIXMBR could have been a disaster. Looks like you may have posted the wrong log before, as the rootkit appears gone

With this type of infection there could be more, let's do this


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

fbfbfb
2011-04-03, 06:09
Hello, Ken. Thank you for the clarity of your directions. Here is the ComboFix Log:

ComboFix 11-04-02.03 - Owner 04/02/2011 23:39:56.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2262 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\inst.exe
c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
c:\documents and settings\Owner\Local Settings\Application Data\{5C90D152-03C5-46F8-B353-58F544134553}
c:\documents and settings\Owner\Local Settings\Application Data\{5C90D152-03C5-46F8-B353-58F544134553}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{5C90D152-03C5-46F8-B353-58F544134553}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{5C90D152-03C5-46F8-B353-58F544134553}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{5C90D152-03C5-46F8-B353-58F544134553}\install.rdf
c:\windows\_rr_kscidp3.dll
c:\windows\AUTOLNCH.REG
c:\windows\system32\_000001_.tmp.dll
c:\windows\system32\_000002_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\null0.31704339534450143.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-03-03 to 2011-04-03 )))))))))))))))))))))))))))))))
.
.
2011-04-02 16:36 . 2011-04-02 16:49 -------- d-----w- c:\documents and settings\TEMP
2011-03-30 01:39 . 2011-03-30 01:39 339968 ----a-w- c:\windows\system32\null0.24477071685619223.exe
2011-03-29 22:59 . 2011-03-29 22:59 331776 ----a-w- c:\windows\system32\null0.5133397128311065.exe
2011-03-29 22:58 . 2011-03-29 23:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-25 04:14 . 2011-03-25 04:14 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2011-03-22 02:01 . 2011-03-22 02:06 -------- dc-h--w- c:\windows\ie8
2011-03-20 19:31 . 2011-03-20 19:31 -------- d-----w- c:\program files\GetData
2011-03-20 18:56 . 2011-03-20 18:56 -------- d-----w- c:\documents and settings\Owner\Application Data\asoftech
2011-03-20 18:56 . 2011-03-20 18:56 -------- d-----w- c:\program files\Asoftech
2011-03-15 04:50 . 2011-03-15 04:50 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-03-15 04:09 . 2011-03-15 05:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2011-03-15 04:07 . 2011-03-15 04:07 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware
2011-03-13 15:42 . 2011-03-13 15:42 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2011-03-13 15:37 . 2011-03-13 15:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-03-13 15:37 . 2011-03-13 15:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-03-13 15:36 . 2011-03-13 15:36 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2011-03-11 03:36 . 2009-07-27 23:17 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
2011-03-10 16:31 . 2011-03-10 16:34 -------- d-----w- c:\documents and settings\Owner\Application Data\.oit
2011-03-10 16:31 . 2011-03-10 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2011-03-10 16:31 . 2011-03-10 16:31 -------- d-----w- c:\windows\system32\VIEWERS
2011-03-10 16:31 . 2011-03-15 05:06 -------- d-----w- c:\program files\Common Files\InstallShield Shared
2011-03-10 09:58 . 2011-03-10 09:58 0 ----a-w- c:\windows\Ytatadu.bin
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-25 04:09 . 2011-02-25 04:09 9216 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe
2011-02-09 13:53 . 2003-07-16 20:43 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2003-07-16 20:27 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2008-03-25 21:27 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-03-25 21:27 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2003-07-16 20:44 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2003-07-16 20:24 290048 ----a-w- c:\windows\system32\atmfd.dll
2000-12-12 15:17 . 2000-12-13 22:22 100432 -c----w- c:\program files\Win2000PPAHotfix.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-12-23 4093288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-02 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-11-30 608584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-13 16:14 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AutoBackup Launcher.lnk]
backup=c:\windows\pss\AutoBackup Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
2003-02-20 22:27 110592 ----a-w- c:\windows\system32\CTASIO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2001-09-04 21:24 28672 ----a-w- c:\windows\system32\Ati2mdxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-08-25 02:10 335872 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-02 22:23 102400 ------w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
2007-11-06 15:08 397312 ------w- c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
2002-09-30 06:00 45056 ----a-w- c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2003-02-20 22:45 28672 ----a-w- c:\windows\system32\CTHELPER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2002-10-29 14:18 49152 ----a-w- c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2006-06-13 09:20 127036 ----a-w- c:\windows\system32\dla\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo 2200]
2002-06-30 19:05 74752 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpppta]
2000-12-05 18:02 86016 ----a-w- c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPPPTA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Drive Icons]
2001-09-12 15:35 61440 ----a-w- c:\program files\Iomega\DriveIcons\Imgicon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Startup Options]
2001-01-17 21:33 45056 ----a-w- c:\program files\Iomega\Common\IMGSTART.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-05-01 18:35 185640 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2003-10-06 15:05 53248 -c--a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2003-10-06 15:05 118784 -c--a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2009-09-01 21:31 1086760 ----a-w- c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 14:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 19:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
2009-06-26 20:05 578904 ----a-w- c:\program files\Dell\PC TuneUp\SMSystemAnalyzer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
2003-02-13 05:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
2007-01-18 17:20 190008 ----a-w- c:\program files\Seagate\SystemTray\StxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-08-02 23:50 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-04-08 09:42 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 -c----w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LMIRescue"=2 (0x2)
"TabletServiceWacom"=2 (0x2)
"Symantec RemoteAssist"=3 (0x3)
"ServiceLayer"=3 (0x3)
"RapportMgmtService"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Iomega Activity Disk2"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"InterBaseServer"=3 (0x3)
"InterBaseGuardian"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1c9ab5deade1160"=2 (0x2)
"GoToAssist"=3 (0x3)
"EPSONStatusAgent2"=2 (0x2)
"EpsonBidirectionalService"=2 (0x2)
"Crypkey License"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Adobe LM Service"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11091:TCP"= 11091:TCP:BitComet 11091 TCP
"11091:UDP"= 11091:UDP:BitComet 11091 UDP
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [8/31/2010 2:30 PM 58984]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1205000.07D\symds.sys [1/6/2011 10:06 PM 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1205000.07D\symefa.sys [1/6/2011 10:06 PM 652336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys [3/10/2011 11:55 PM 800376]
R1 RapportCerberus_23945;RapportCerberus_23945;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys [3/14/2011 10:32 AM 55224]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [8/31/2010 2:30 PM 169064]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1205000.07D\ironx86.sys [1/6/2011 10:06 PM 136312]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 2:35 PM 181544]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [7/16/2008 8:08 PM 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [7/16/2008 8:08 PM 600944]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe [1/6/2011 10:06 PM 130000]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [8/31/2010 2:29 PM 767208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/12/2011 12:23 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110330.001\IDSXpx86.sys [3/31/2011 11:07 PM 341944]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\23645\RapportIaso.sys [2/22/2011 10:28 AM 18872]
R3 SydexFDD;Sydex Diskette Driver;c:\windows\system32\drivers\SYDEXFDD.SYS [9/19/2009 7:04 AM 13359]
S2 wntpport;wntpport; [x]
S3 busbcrw;USB Card Reader Writer driver;c:\windows\system32\drivers\busbcrw.sys [4/20/2008 4:43 PM 16896]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [5/21/2009 7:22 AM 15656]
S4 gupdate1c9ab5deade1160;Google Update Service (gupdate1c9ab5deade1160);c:\program files\Google\Update\GoogleUpdate.exe [3/22/2009 10:20 PM 133104]
S4 LMIRescue;LogMeIn Rescue (11520163-0ed2-4c3a-9f26-eef0e51c86c2);c:\windows\LMI1B.tmp\lmi_rescue.exe [12/22/2009 10:16 PM 1738544]
S4 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [3/27/2009 8:27 PM 2789672]
.
Contents of the 'Scheduled Tasks' folder
.
2010-03-02 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2003-07-16 00:12]
.
2011-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 02:19]
.
2011-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 02:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.google.ca/nwshp?hl=en&tab=wn
uInternet Connection Wizard,ShellNext = iexplore
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/news
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - user.js: yahoo.homepage.dontask - true);user_pref(general.useragent.extra.zencast, Creative ZENcast v2.00.13
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-02 23:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-823518204-287218729-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(3548)
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-04-03 00:00:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-03 04:00
.
Pre-Run: 37,660,069,888 bytes free
Post-Run: 38,094,970,880 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 1896EC8E50A02FA0027EED1FE56CA284

ken545
2011-04-03, 10:00
Hi,

BitComet <-- This is most likely how you infected your system. You're downloading that file from an unknown source, and malware writers are taking advantage of this and using it to infect you. If you look through your Combofix log you will see that this program lets anything you download freely onto your system, not good. You need to uninstall this program via Add/Remove Programs in the Control Panel.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11091:TCP"= 11091:TCP:BitComet 11091 TCP
"11091:UDP"= 11091:UDP:BitComet 11091 UDP




You need to enable Windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html).

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis. Just use the browse feature and then Send File; you will get a report back. Post the report into this thread for me to see. If the site says this file has been checked before, have them check it again.

c:\windows\system32\null0.24477071685619223.exe

If the site is busy, you can try this one:
http://virusscan.jotti.org/en





Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report, please.

fbfbfb
2011-04-04, 01:50
Hi Ken. Completed the following:
Removed BitComet
Enabled Windows to view hidden files
Ran VirusTotal and attaching log
Ran Malwarebytes and attaching log

Thank you so much for working with me through this--very much appreciated!

ken545
2011-04-04, 01:59
Hey, thanks for the logs. I would like to ask you to just copy and paste the logs and reports we ask for into this thread; it's easier on these old eyes to analyze.

OK, that file was bad, but before we remove it, run this quick scan.

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

fbfbfb
2011-04-04, 16:40
Good morning, Ken. OTL.txt enclosed. Could not generate the Extras.txt file despite running the program several times. Please advise. Have a great day.

OTL logfile created on: 4/4/2011 10:27:30 AM - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.71 Gb Total Space | 36.06 Gb Free Space | 32.28% Space Free | Partition Type: NTFS
Drive D: | 697.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 492.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: Owner| User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton Utilities 14\nu.exe (Symantec Corporation)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asoehook.dll (Symantec Corporation)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (LMIRescue) LogMeIn Rescue (11520163-0ed2-4c3a-9f26-eef0e51c86c2) -- C:\WINDOWS\LMI1B.tmp\lmi_rescue.exe (LogMeIn, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (InterBaseServer) -- C:\Program Files\Borland\Interbase\Bin\IBServer.exe (Inprise Corporation)
SRV - (InterBaseGuardian) -- C:\Program Files\Borland\Interbase\Bin\IBGuard.exe (Inprise Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe ()
SRV - (Iomega Activity Disk2) -- C:\Program Files\Iomega\System32\ActivityDisk.exe (Iomega Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110403.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110403.002\NAVENG.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110330.001\IDSXpx86.sys (Symantec Corporation)
DRV - (RapportCerberus_23945) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (Trusteer Ltd.)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SYMTDI.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech Webcam 300(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (SydexFDD) -- C:\WINDOWS\system32\drivers\SYDEXFDD.SYS (Windows (R) 2000 DDK provider)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (NetworkX) -- C:\WINDOWS\system32\ckldrv.sys ()
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\dla\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\dla\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\dla\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\dla\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\dla\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\dla\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\dla\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (busbcrw) -- C:\WINDOWS\system32\drivers\busbcrw.sys (Brother Industries, Ltd.)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\hap16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\Aspi32.sys (Adaptec)
DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (Eplpdx02) -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS (MK Systems CO., LTD.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.ca/nwshp?hl=en&tab=wn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://news.google.com/news"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {5C90D152-03C5-46F8-B353-58F544134553}:1.9.1
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/08 05:42:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/01/13 23:02:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/01/06 22:06:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/02 12:44:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/21 21:24:51 | 000,000,000 | ---D | M]

[2009/06/02 14:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/02/05 22:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/19 17:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\extensions
[2010/07/18 09:04:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/02 16:14:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/28 23:39:14 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\searchplugins\askcom.xml
[2011/03/19 17:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/06 22:06:19 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2011/01/13 23:02:00 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{5C90D152-03C5-46F8-B353-58F544134553}
[2010/03/18 20:44:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/07/18 10:34:04 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2011/04/02 23:50:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe (Symantec Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206480799890 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h20264.www2.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/27 16:41:54 | 000,000,000 | ---D | M] - C:\AutoBackup -- [ NTFS ]
O32 - AutoRun File - [2008/03/25 17:31:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/12/09 17:50:20 | 000,000,053 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2000/07/23 15:53:52 | 000,060,416 | R--- | M] (AshzFall) - E:\autostart.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/03 22:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\System
[2011/04/03 22:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SmartDraw
[2011/04/03 21:59:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/04/03 18:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MY HOUSE PLANS
[2011/04/03 18:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/04/03 18:14:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/03 18:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/03 18:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/03 18:14:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/03 18:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/02 23:38:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/02 23:25:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/02 23:25:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/02 23:25:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/02 23:25:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/02 23:24:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/02 23:24:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/02 23:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SPYBOT FORUM
[2011/03/29 21:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\HOUSE PLANS
[2011/03/29 18:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/29 18:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/03/26 22:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/03/25 07:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\KINGSTON FLASH
[2011/03/25 00:14:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
[2011/03/24 12:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\STRAIGHT FONTS
[2011/03/21 22:01:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/03/20 15:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/03/20 15:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Recover My Files v4
[2011/03/20 15:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\GetData
[2011/03/20 14:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\asoftech
[2011/03/20 14:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Asoftech Data Recovery
[2011/03/20 14:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\Asoftech
[2011/03/19 18:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/03/19 18:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/03/15 22:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ggdesigns_Ours&Guest
[2011/03/15 00:09:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~0
[2011/03/15 00:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware
[2011/03/14 18:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SCRIPT FONTS
[2011/03/13 11:42:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2011/03/13 11:36:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2011/03/11 08:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\GENEALOGY REFERENCES
[2011/03/10 23:36:49 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll
[2011/03/10 12:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\.oit
[2011/03/10 12:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2011/03/10 12:31:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\VIEWERS
[2011/03/10 12:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield Shared
[2011/03/10 07:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/03/10 06:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/10 06:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/07 10:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\USB
[2010/02/07 22:20:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[2008/03/25 17:21:16 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/04 10:29:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/04 10:26:26 | 000,003,072 | ---- | M] () -- C:\Documents and Settings\Owner\Cache.db
[2011/04/04 10:15:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/04 10:08:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/04 10:07:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/04/04 10:07:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/04/04 00:54:36 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/04/04 00:54:36 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/04/04 00:54:36 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/04/04 00:54:36 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/04/04 00:54:36 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/04/04 00:54:36 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/04/04 00:54:36 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2011/04/04 00:54:36 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2011/04/04 00:45:22 | 000,306,971 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\European House Plans - Home Design PDI584.mht
[2011/04/03 21:59:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/04/03 18:14:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/02 23:50:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/02 23:38:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/02 23:21:30 | 004,312,600 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/04/02 19:31:14 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF
[2011/04/02 19:31:14 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.BAK
[2011/04/02 12:17:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/31 23:34:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/31 00:33:22 | 000,306,004 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mediterranean house plans with 3 bedrooms and with 2 bathrooms and with 2 garage bays and Single Story and with 4.mht
[2011/03/25 09:28:00 | 000,038,481 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Guido 2.pes
[2011/03/25 08:54:07 | 000,034,022 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Guido 1.pes
[2011/03/24 23:46:11 | 000,051,717 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Guido Lamborghini.pes
[2011/03/24 10:29:03 | 000,000,040 | ---- | M] () -- C:\WINDOWS\Embedit.INI
[2011/03/21 22:18:51 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
[2011/03/21 22:12:13 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/19 18:25:55 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/03/18 00:00:43 | 000,024,020 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\40-205mf-1300.gif
[2011/03/16 22:26:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/16 06:23:00 | 000,121,580 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\blrheartoval.pes
[2011/03/14 19:29:18 | 000,048,258 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ROPEOVALguest.PES
[2011/03/14 19:24:39 | 000,101,613 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\blrropeoval.pes
[2011/03/14 19:23:23 | 000,012,675 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\guest for 4x4 ovals.pes
[2011/03/13 23:12:58 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/03/13 22:59:17 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/03/13 07:45:58 | 000,443,148 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 07:45:58 | 000,071,510 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/10 12:43:22 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/03/10 05:58:29 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Smolalega.dat
[2011/03/10 05:58:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ytatadu.bin
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/04 00:45:21 | 000,306,971 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\European House Plans - Home Design PDI584.mht
[2011/04/03 18:14:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/02 23:38:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/02 23:38:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/02 23:25:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/02 23:25:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/02 23:25:31 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/02 23:25:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/02 23:25:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/02 23:21:21 | 004,312,600 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/03/31 23:26:19 | 004,481,358 | ---- | C] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.BAK
[2011/03/31 00:33:21 | 000,306,004 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\mediterranean house plans with 3 bedrooms and with 2 bathrooms and with 2 garage bays and Single Story and with 4.mht
[2011/03/29 23:25:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/25 09:28:00 | 000,038,481 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Guido 2.pes
[2011/03/25 08:54:07 | 000,034,022 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Guido 1.pes
[2011/03/24 23:46:11 | 000,051,717 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Guido Lamborghini.pes
[2011/03/21 22:18:51 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
[2011/03/21 22:12:12 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
[2011/03/19 18:25:55 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/03/18 00:00:42 | 000,024,020 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\40-205mf-1300.gif
[2011/03/14 19:29:18 | 000,048,258 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ROPEOVALguest.PES
[2011/03/14 19:24:39 | 000,101,613 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\blrropeoval.pes
[2011/03/14 19:24:30 | 000,121,580 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\blrheartoval.pes
[2011/03/14 19:23:23 | 000,012,675 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\guest for 4x4 ovals.pes
[2011/03/13 23:12:58 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/03/10 05:58:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Smolalega.dat
[2011/03/10 05:58:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ytatadu.bin
[2010/09/11 12:10:29 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/08/14 16:09:55 | 000,000,271 | ---- | C] () -- C:\WINDOWS\PCTuneUp.INI
[2010/07/29 23:31:25 | 000,161,256 | ---- | C] () -- C:\WINDOWS\Expstudio Audio Editor FREE Uninstaller.exe
[2010/07/29 20:29:51 | 000,001,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/07/12 09:56:34 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/07/05 13:32:10 | 000,188,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/05 13:02:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\downloads.m3u
[2010/02/12 18:35:02 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\default.rss
[2010/02/07 23:10:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/07 22:20:38 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/02/07 22:20:38 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2010/02/07 10:24:24 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/29 07:47:28 | 000,000,000 | ---- | C] () -- C:\Program Files\023432
[2009/08/01 17:57:24 | 000,000,314 | ---- | C] () -- C:\WINDOWS\System32\commong7.dat
[2009/08/01 17:54:01 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/06/02 14:19:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/30 10:26:24 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Embmake.INI
[2009/05/21 16:59:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2009/04/21 11:54:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2008/12/15 06:39:49 | 000,000,410 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/11/13 23:06:17 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/04 07:38:58 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2008/11/04 07:38:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2008/11/04 07:38:31 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2008/11/04 07:38:31 | 000,021,638 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2008/11/04 07:38:31 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2008/11/04 07:38:31 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2008/09/23 23:20:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2008/09/23 23:19:57 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/23 23:19:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/22 18:03:20 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/07/16 20:08:21 | 000,938,328 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2008/07/16 20:08:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2008/07/16 20:08:21 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2008/07/16 20:06:28 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/07/16 14:51:22 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2008/07/13 13:18:03 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2008/07/13 13:18:03 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\prntfix.exe
[2008/07/13 13:18:03 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2008/07/08 11:14:22 | 000,905,728 | ---- | C] () -- C:\WINDOWS\System32\Pano12.dll
[2008/05/06 19:51:30 | 000,000,067 | ---- | C] () -- C:\WINDOWS\dreammN.INI
[2008/05/06 19:51:27 | 000,000,196 | ---- | C] () -- C:\WINDOWS\DMCBIDSN.ini
[2008/05/06 19:51:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DreammT.ini
[2008/05/06 19:51:09 | 000,354,056 | ---- | C] () -- C:\WINDOWS\System32\RIVET200.DLL
[2008/04/20 16:32:11 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Embedit.INI
[2008/04/12 13:54:57 | 000,010,758 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\NMM-MetaData.db
[2008/04/09 19:30:07 | 000,034,818 | ---- | C] () -- C:\WINDOWS\System32\st32w2k.dll
[2008/03/27 19:50:10 | 000,001,005 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/03/27 19:49:29 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2008/03/27 19:49:29 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2008/03/27 19:49:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2008/03/27 19:47:55 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2008/03/27 19:47:17 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPS2200.ini
[2008/03/27 15:26:07 | 000,032,769 | ---- | C] () -- C:\WINDOWS\System32\cpinpub.dll
[2008/03/26 12:58:09 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
[2008/03/26 12:23:47 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/26 11:58:42 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008/03/26 11:41:28 | 000,002,969 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2008/03/26 11:40:39 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2008/03/26 09:42:22 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2008/03/25 19:36:37 | 000,036,704 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuInstall.LiveUpdate
[2008/03/25 18:12:14 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2008/03/25 18:10:37 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2008/03/25 18:10:37 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2008/03/25 18:00:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/03/25 17:49:39 | 000,000,470 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/03/25 17:43:46 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2008/03/25 17:43:46 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2008/03/25 17:36:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/25 17:29:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/25 17:22:18 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/03/25 17:22:16 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2008/03/25 17:21:34 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2008/03/25 17:21:34 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/03/25 17:21:28 | 000,232,723 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2008/03/25 17:21:27 | 000,190,842 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2008/03/25 17:21:27 | 000,138,716 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2008/03/25 17:21:27 | 000,110,720 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2008/03/25 17:21:27 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2008/03/25 17:21:23 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2008/03/25 17:21:23 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2008/03/25 17:21:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2008/03/25 17:21:22 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2008/03/25 17:21:22 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2008/03/25 17:21:14 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2008/03/25 17:21:03 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2008/03/25 17:19:56 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/03/25 12:22:18 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll
[2008/03/25 12:20:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/25 12:19:20 | 000,339,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/14 13:42:27 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/11/09 07:01:59 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll
[2006/04/13 09:03:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUsbDrvXP.sys
[2003/11/20 17:18:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,443,148 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,071,510 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/12/13 18:22:24 | 000,100,432 | ---- | C] () -- C:\Program Files\Win2000PPAHotfix.exe

========== LOP Check ==========

[2010/03/11 23:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\A-PDF
[2009/12/12 21:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/07/13 12:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/05/13 21:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/07/29 20:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2009/08/29 07:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
[2008/06/08 18:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/06/08 18:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2010/05/13 21:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/02/26 23:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/02/04 23:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/02/12 18:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/06/04 19:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/10/25 18:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2010/07/19 15:15:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/09/22 20:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/03/27 18:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tanagra
[2011/04/04 10:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/07 22:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/02/07 22:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/03/19 18:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/11/11 18:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2011/03/15 01:13:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2011/03/10 12:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.oit
[2011/03/20 14:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\asoftech
[2010/10/02 16:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Blitware
[2008/10/20 01:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Buddi
[2009/03/24 10:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/10 00:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\COWON
[2009/06/24 20:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Datalayer
[2010/07/01 18:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2011/02/04 01:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2008/03/26 13:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FTW
[2009/12/11 17:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iolo
[2008/03/26 15:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/09/19 07:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MP3 Sorter Pro
[2008/03/26 11:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MyFamily.com
[2010/02/12 18:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2010/05/13 21:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia
[2009/10/19 10:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OfficeRecovery
[2010/10/25 18:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2008/09/16 09:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2010/05/13 21:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2008/10/14 11:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Progeny
[2008/07/08 11:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PTAssembler
[2008/09/22 21:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
[2011/04/03 23:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartDraw
[2008/09/22 21:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2009/08/07 22:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Trusteer
[2011/01/09 17:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VisionBoardBuilder
[2010/02/07 22:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2010/03/01 20:42:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C28FF86E
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A235FA9E
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEBD9BCF
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B4123E9

< End of report >

ken545
2011-04-04, 18:50
Hi,

Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:processes
killallprocesses

:OTL
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C28FF86E
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A235FA9E
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEBD9BCF
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B4123E9

:Services

:Reg
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-

:Files
ipconfig /flushdns /c
c:\windows\system32\null0.24477071685619223.exe
c:\windows\system32\null0.5133397128311065.exe

:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]

Then click the Run Fix button at the top <-- not Run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log and a new OTL log (don't check the boxes beside LOP Check or Purity this time)

fbfbfb
2011-04-04, 22:56
Ken, enclosing ERUNT log and OTL log. I'm a bit unsure of one thing--I restored my registry after I ran OTL for the final log--did I do this right? Thanks, Ken.

All processes killed
========== PROCESSES ==========
========== OTL ==========
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:63238B95 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C28FF86E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A235FA9E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BEBD9BCF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2B4123E9 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\\svchost.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
File\Folder c:\windows\system32\null0.24477071685619223.exe not found.
File\Folder c:\windows\system32\null0.5133397128311065.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41661 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 520980 bytes
->Flash cache emptied: 1081 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1553618 bytes
->Java cache emptied: 9856 bytes
->Flash cache emptied: 7363 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1310854 bytes
->Java cache emptied: 9829 bytes
->Flash cache emptied: 9533 bytes

User: Owner
->Temp folder emptied: 1295872 bytes
->Temporary Internet Files folder emptied: 1924454 bytes
->Java cache emptied: 59069 bytes
->FireFox cache emptied: 30944645 bytes
->Flash cache emptied: 2999161 bytes

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 6736314 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 125554 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 96373 bytes
RecycleBin emptied: 233788 bytes

Total Files Cleaned = 46.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 04042011_162450

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q0QNNVPL\favicon[1].ico not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q0QNNVPL\showthread[1].htm not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\06IFM84G\favicon[1].ico not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\06IFM84G\favicon[2].ico not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\06IFM84G\favicon[3].ico not found!

Registry entries deleted on Reboot...


OTL logfile created on: 4/4/2011 4:42:24 PM - Run 7
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.71 Gb Total Space | 35.76 Gb Free Space | 32.01% Space Free | Partition Type: NTFS
Drive D: | 697.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 492.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: Owner | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton Utilities 14\nu.exe (Symantec Corporation)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asoehook.dll (Symantec Corporation)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (LMIRescue) LogMeIn Rescue (11520163-0ed2-4c3a-9f26-eef0e51c86c2) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (InterBaseServer) -- C:\Program Files\Borland\Interbase\Bin\IBServer.exe (Inprise Corporation)
SRV - (InterBaseGuardian) -- C:\Program Files\Borland\Interbase\Bin\IBGuard.exe (Inprise Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe ()
SRV - (Iomega Activity Disk2) -- C:\Program Files\Iomega\System32\ActivityDisk.exe (Iomega Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110403.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110403.002\NAVENG.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110330.001\IDSXpx86.sys (Symantec Corporation)
DRV - (RapportCerberus_23945) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (Trusteer Ltd.)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys (Symantec Corporation)
DRV - (RapportIaso) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\23645\RapportIaso.sys (Trusteer Ltd.)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SYMTDI.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech Webcam 300(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (SydexFDD) -- C:\WINDOWS\system32\drivers\SYDEXFDD.SYS (Windows (R) 2000 DDK provider)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (NetworkX) -- C:\WINDOWS\system32\ckldrv.sys ()
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\dla\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\dla\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\dla\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\dla\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\dla\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\dla\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\dla\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (busbcrw) -- C:\WINDOWS\system32\drivers\busbcrw.sys (Brother Industries, Ltd.)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\hap16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\Aspi32.sys (Adaptec)
DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (Eplpdx02) -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS (MK Systems CO., LTD.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.ca/nwshp?hl=en&tab=wn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://news.google.com/news"
FF - prefs.js..extensions.enabledItems: http://forums.spybot.info/misc.php?do=email_dev&email=anFzQHN1bi5jb20=:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {5C90D152-03C5-46F8-B353-58F544134553}:1.9.1
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/08 05:42:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/01/13 23:02:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/01/06 22:06:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/02 12:44:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/21 21:24:51 | 000,000,000 | ---D | M]

[2009/06/02 14:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/02/05 22:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/19 17:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\extensions
[2010/07/18 09:04:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/02 16:14:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/28 23:39:14 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\searchplugins\askcom.xml
[2011/03/19 17:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/06 22:06:19 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2011/01/13 23:02:00 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{5C90D152-03C5-46F8-B353-58F544134553}
[2010/03/18 20:44:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/07/18 10:34:04 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2011/04/04 16:25:18 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe (Symantec Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206480799890 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h20264.www2.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/27 16:41:54 | 000,000,000 | ---D | M] - C:\AutoBackup -- [ NTFS ]
O32 - AutoRun File - [2008/03/25 17:31:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/12/09 17:50:20 | 000,000,053 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2000/07/23 15:53:52 | 000,060,416 | R--- | M] (AshzFall) - E:\autostart.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF

< End of report >

ken545
2011-04-04, 23:27
We had you run ERUNT to back up your registry so that, if there is a problem after running the OTL fix, you can restore it. So no, you should not have restored the registry; it may have put back the reg entry for Click.GiftLoad.

Let's run this again and make sure it's not back.

First, do another backup with ERUNT.

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:

:processes
killallprocesses

:OTL
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF

:Services

:Reg
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-

:Files



:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <-- Not Run Scan
Let the program run unhindered and reboot when it is done.
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).

fbfbfb
2011-04-05, 02:56
OK, Ken. Here are the new logs. Thank you very much.

All processes killed
========== PROCESSES ==========
========== OTL ==========
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\\svchost.exe not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 1312256 bytes
->Temporary Internet Files folder emptied: 2008725 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 125464 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04042011_201908

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8C86.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8CF1.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8ED6.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8EEB.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF938C.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF9497.tmp not found!
C:\Documents and Settings\Owner\Local Settings\Temp\~DFAE84.tmp moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZVJKAME9\favicon[1].ico moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GN4DQKUU\favicon[1].ico moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GN4DQKUU\favicon[2].ico moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\B9X6WU4O\favicon[1].ico moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\B9X6WU4O\showthread[2].htm moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_188.dat not found!

Registry entries deleted on Reboot...


OTL logfile created on: 4/4/2011 8:49:21 PM - Run 7
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.71 Gb Total Space | 35.35 Gb Free Space | 31.64% Space Free | Partition Type: NTFS
Drive D: | 697.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 492.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: Owner | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asoehook.dll (Symantec Corporation)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (LMIRescue) LogMeIn Rescue (11520163-0ed2-4c3a-9f26-eef0e51c86c2) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (InterBaseServer) -- C:\Program Files\Borland\Interbase\Bin\IBServer.exe (Inprise Corporation)
SRV - (InterBaseGuardian) -- C:\Program Files\Borland\Interbase\Bin\IBGuard.exe (Inprise Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe ()
SRV - (Iomega Activity Disk2) -- C:\Program Files\Iomega\System32\ActivityDisk.exe (Iomega Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110404.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110404.002\NAVENG.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110330.001\IDSXpx86.sys (Symantec Corporation)
DRV - (RapportCerberus_23945) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (Trusteer Ltd.)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys (Symantec Corporation)
DRV - (RapportIaso) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\23645\RapportIaso.sys (Trusteer Ltd.)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SYMTDI.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech Webcam 300(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (SydexFDD) -- C:\WINDOWS\system32\drivers\SYDEXFDD.SYS (Windows (R) 2000 DDK provider)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (NetworkX) -- C:\WINDOWS\system32\ckldrv.sys ()
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\dla\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\dla\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\dla\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\dla\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\dla\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\dla\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\dla\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (busbcrw) -- C:\WINDOWS\system32\drivers\busbcrw.sys (Brother Industries, Ltd.)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\hap16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\Aspi32.sys (Adaptec)
DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (Eplpdx02) -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS (MK Systems CO., LTD.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.ca/nwshp?hl=en&tab=wn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://news.google.com/news"
FF - prefs.js..extensions.enabledItems: http://forums.spybot.info/misc.php?do=email_dev&email=anFzQHN1bi5jb20=:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {5C90D152-03C5-46F8-B353-58F544134553}:1.9.1
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/08 05:42:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/01/13 23:02:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/01/06 22:06:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/02 12:44:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/21 21:24:51 | 000,000,000 | ---D | M]

[2009/06/02 14:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/02/05 22:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/19 17:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\extensions
[2010/07/18 09:04:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/02 16:14:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/28 23:39:14 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\searchplugins\askcom.xml
[2011/03/19 17:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/06 22:06:19 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2011/01/13 23:02:00 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{5C90D152-03C5-46F8-B353-58F544134553}
[2010/03/18 20:44:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/07/18 10:34:04 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2011/04/04 16:25:18 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe (Symantec Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206480799890 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h20264.www2.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/27 16:41:54 | 000,000,000 | ---D | M] - C:\AutoBackup -- [ NTFS ]
O32 - AutoRun File - [2008/03/25 17:31:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/12/09 17:50:20 | 000,000,053 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2000/07/23 15:53:52 | 000,060,416 | R--- | M] (AshzFall) - E:\autostart.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/04 16:24:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/04 16:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ERUNT
[2011/04/03 22:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\System
[2011/04/03 22:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SmartDraw
[2011/04/03 21:59:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/04/03 18:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MY HOUSE PLANS
[2011/04/03 18:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/04/03 18:14:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/03 18:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/03 18:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/03 18:14:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/03 18:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/02 23:38:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/02 23:25:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/02 23:25:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/02 23:25:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/02 23:25:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/02 23:24:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/02 23:24:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/02 23:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SPYBOT FORUM
[2011/03/29 21:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\HOUSE PLANS
[2011/03/29 18:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/29 18:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/03/26 22:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/03/25 07:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\KINGSTON FLASH
[2011/03/25 00:14:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
[2011/03/24 12:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\STRAIGHT FONTS
[2011/03/21 22:01:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/03/20 15:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/03/20 15:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Recover My Files v4
[2011/03/20 15:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\GetData
[2011/03/20 14:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\asoftech
[2011/03/20 14:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Asoftech Data Recovery
[2011/03/20 14:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\Asoftech
[2011/03/19 18:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/03/19 18:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/03/15 00:09:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~0
[2011/03/15 00:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware
[2011/03/14 18:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SCRIPT FONTS
[2011/03/13 11:42:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2011/03/13 11:36:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2011/03/11 08:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\GENEALOGY REFERENCES
[2011/03/10 23:36:49 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll
[2011/03/10 12:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\.oit
[2011/03/10 12:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2011/03/10 12:31:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\VIEWERS
[2011/03/10 12:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield Shared
[2011/03/10 07:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/03/10 06:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/10 06:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/07 10:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\USB
[2010/02/07 22:20:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[2008/03/25 17:21:16 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2011/04/04 20:48:57 | 000,003,072 | ---- | M] () -- C:\Documents and Settings\Owner\Cache.db
[2011/04/04 20:29:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/04 20:21:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/04 20:20:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/04 20:20:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/04/04 20:20:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/04/04 20:19:34 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/04/04 20:19:34 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/04/04 20:19:34 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/04/04 20:19:34 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/04/04 20:19:34 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/04/04 20:19:34 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/04/04 20:19:34 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2011/04/04 20:19:34 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2011/04/04 16:57:21 | 017,825,792 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.bak
[2011/04/04 16:25:18 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/04 16:01:42 | 000,000,039 | ---- | M] () -- C:\WINDOWS\Embmake.INI
[2011/04/04 00:45:22 | 000,306,971 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\European House Plans - Home Design PDI584.mht
[2011/04/03 21:59:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/04/03 18:14:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/02 23:38:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/02 23:21:30 | 004,312,600 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/04/02 19:31:14 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF
[2011/04/02 19:31:14 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.BAK
[2011/04/02 13:00:38 | 000,011,432 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Backup of COMPUTER DEFINITIONS.wbk
[2011/04/02 12:17:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/31 23:34:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/31 00:33:22 | 000,306,004 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mediterranean house plans with 3 bedrooms and with 2 bathrooms and with 2 garage bays and Single Story and with 4.mht
[2011/03/24 10:29:03 | 000,000,040 | ---- | M] () -- C:\WINDOWS\Embedit.INI
[2011/03/21 22:18:51 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
[2011/03/21 22:12:13 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/19 18:25:55 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/03/16 22:26:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/13 23:12:58 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/03/13 22:59:17 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/03/13 07:45:58 | 000,443,148 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 07:45:58 | 000,071,510 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/10 12:43:22 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/03/10 05:58:29 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Smolalega.dat
[2011/03/10 05:58:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ytatadu.bin

========== Files Created - No Company Name ==========

[2011/04/04 00:45:21 | 000,306,971 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\European House Plans - Home Design PDI584.mht
[2011/04/03 18:14:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/02 23:38:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/02 23:38:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/02 23:25:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/02 23:25:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/02 23:25:31 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/02 23:25:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/02 23:25:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/02 23:21:21 | 004,312,600 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/03/31 23:26:19 | 004,481,358 | ---- | C] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.BAK
[2011/03/31 00:33:21 | 000,306,004 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\mediterranean house plans with 3 bedrooms and with 2 bathrooms and with 2 garage bays and Single Story and with 4.mht
[2011/03/30 17:46:44 | 000,011,432 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Backup of COMPUTER DEFINITIONS.wbk
[2011/03/29 23:25:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/21 22:18:51 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
[2011/03/21 22:12:12 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
[2011/03/19 18:25:55 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/03/13 23:12:58 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/03/10 05:58:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Smolalega.dat
[2011/03/10 05:58:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ytatadu.bin
[2010/09/11 12:10:29 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/08/14 16:09:55 | 000,000,271 | ---- | C] () -- C:\WINDOWS\PCTuneUp.INI
[2010/07/29 23:31:25 | 000,161,256 | ---- | C] () -- C:\WINDOWS\Expstudio Audio Editor FREE Uninstaller.exe
[2010/07/29 20:29:51 | 000,001,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/07/12 09:56:34 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/07/05 13:32:10 | 000,188,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/05 13:02:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\downloads.m3u
[2010/02/12 18:35:02 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\default.rss
[2010/02/07 23:10:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/07 22:20:38 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/02/07 22:20:38 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2010/02/07 10:24:24 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/29 07:47:28 | 000,000,000 | ---- | C] () -- C:\Program Files\023432
[2009/08/01 17:57:24 | 000,000,314 | ---- | C] () -- C:\WINDOWS\System32\commong7.dat
[2009/08/01 17:54:01 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/06/02 14:19:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/30 10:26:24 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Embmake.INI
[2009/05/21 16:59:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2009/04/21 11:54:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2008/12/15 06:39:49 | 000,000,410 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/11/13 23:06:17 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/04 07:38:58 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2008/11/04 07:38:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2008/11/04 07:38:31 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2008/11/04 07:38:31 | 000,021,638 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2008/11/04 07:38:31 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2008/11/04 07:38:31 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2008/09/23 23:20:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2008/09/23 23:19:57 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/23 23:19:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/22 18:03:20 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/07/16 20:08:21 | 000,938,328 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2008/07/16 20:08:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2008/07/16 20:08:21 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2008/07/16 20:06:28 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/07/16 14:51:22 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2008/07/13 13:18:03 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2008/07/13 13:18:03 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\prntfix.exe
[2008/07/13 13:18:03 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2008/07/08 11:14:22 | 000,905,728 | ---- | C] () -- C:\WINDOWS\System32\Pano12.dll
[2008/05/06 19:51:30 | 000,000,067 | ---- | C] () -- C:\WINDOWS\dreammN.INI
[2008/05/06 19:51:27 | 000,000,196 | ---- | C] () -- C:\WINDOWS\DMCBIDSN.ini
[2008/05/06 19:51:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DreammT.ini
[2008/05/06 19:51:09 | 000,354,056 | ---- | C] () -- C:\WINDOWS\System32\RIVET200.DLL
[2008/04/20 16:32:11 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Embedit.INI
[2008/04/12 13:54:57 | 000,010,758 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\NMM-MetaData.db
[2008/04/09 19:30:07 | 000,034,818 | ---- | C] () -- C:\WINDOWS\System32\st32w2k.dll
[2008/03/27 19:50:10 | 000,001,005 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/03/27 19:49:29 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2008/03/27 19:49:29 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2008/03/27 19:49:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2008/03/27 19:47:55 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2008/03/27 19:47:17 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPS2200.ini
[2008/03/27 15:26:07 | 000,032,769 | ---- | C] () -- C:\WINDOWS\System32\cpinpub.dll
[2008/03/26 12:58:09 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
[2008/03/26 12:23:47 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/26 11:58:42 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008/03/26 11:41:28 | 000,002,969 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2008/03/26 11:40:39 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2008/03/26 09:42:22 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2008/03/25 19:36:37 | 000,036,704 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuInstall.LiveUpdate
[2008/03/25 18:12:14 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2008/03/25 18:10:37 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2008/03/25 18:10:37 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2008/03/25 18:00:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/03/25 17:49:39 | 000,000,470 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/03/25 17:43:46 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2008/03/25 17:43:46 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2008/03/25 17:36:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/25 17:29:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/25 17:22:18 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/03/25 17:22:16 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2008/03/25 17:21:34 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2008/03/25 17:21:34 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/03/25 17:21:28 | 000,232,723 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2008/03/25 17:21:27 | 000,190,842 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2008/03/25 17:21:27 | 000,138,716 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2008/03/25 17:21:27 | 000,110,720 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2008/03/25 17:21:27 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2008/03/25 17:21:23 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2008/03/25 17:21:23 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2008/03/25 17:21:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2008/03/25 17:21:22 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2008/03/25 17:21:22 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2008/03/25 17:21:14 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2008/03/25 17:21:03 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2008/03/25 17:19:56 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/03/25 12:22:18 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll
[2008/03/25 12:20:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/25 12:19:20 | 000,339,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/14 13:42:27 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/11/09 07:01:59 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll
[2006/04/13 09:03:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUsbDrvXP.sys
[2003/11/20 17:18:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,443,148 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,071,510 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/12/13 18:22:24 | 000,100,432 | ---- | C] () -- C:\Program Files\Win2000PPAHotfix.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF

< End of report >

ken545
2011-04-05, 10:18
Good Morning,

Delete these, leave them in the Recycle Bin for a day or two and if needed you can restore them
C:\WINDOWS\Smolalega.dat
C:\WINDOWS\Ytatadu.bin


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the ESET Online Scanner button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on the ESET Smart Installer link to download it. Save it to your desktop.
Double click on the ESET Smart Installer icon on your desktop.

Check "YES, I accept the Terms of Use".
Click the Start button.
Accept any security warnings from your browser.
Check "Scan archives".
Make sure that the option "Remove found threats" is unchecked.
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push "List of found threats".
Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the Back button.
Push Finish.
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
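
Ken picked those two files out of the OTL log by eye: created recently, no company name, dropped straight into C:\WINDOWS, and both written in the same second. As an added example that is not part of this thread and not OTL's or ComboFix's own code, the script below parses lines in the OTL log format shown above and applies that same triage heuristic; the 30-day window and the allowlist of ComboFix helper binaries are assumptions of the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One OTL file line, e.g.
# [2011/03/10 05:58:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Smolalega.dat
# fields: timestamp | size | attributes (R,H,S,D) | C=created / M=modified, (company), path.
# Directory lines carry no "(company)" field, so that group is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Helpers that ComboFix itself drops into C:\WINDOWS (they appear in the log above);
# treating them as benign is an assumption of this example, not an OTL rule.
COMBOFIX_HELPERS = {"pev.exe", "sed.exe", "mbr.exe", "grep.exe", "zip.exe", "nircmd.exe"}


def parse_otl_line(line):
    """Return a dict for a well-formed OTL file line, or None for anything else."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "kind": m["kind"],
        "company": (m["company"] or "").strip(),
        "path": m["path"],
    }


def triage(lines, window_days=30, windows_dir=r"c:\windows"):
    """Flag created files that look like a dropper's leftovers: inside the time
    window, no company name, written directly into the Windows directory."""
    entries = [e for e in map(parse_otl_line, lines) if e]
    if not entries:
        return []
    # Newest timestamp in the log stands in for the report date.
    cutoff = max(e["time"] for e in entries) - timedelta(days=window_days)
    # A dropper writing several files at once leaves them with identical timestamps.
    by_second = defaultdict(list)
    for e in entries:
        if e["kind"] == "C":
            by_second[e["time"]].append(e["path"])
    flagged = []
    for e in entries:
        if e["kind"] != "C" or e["attrs"].endswith("D"):  # created files only, no directories
            continue
        folder, _, name = e["path"].lower().rpartition("\\")
        if folder != windows_dir or e["company"] or e["time"] < cutoff:
            continue
        if name in COMBOFIX_HELPERS:
            continue
        reason = "recent, no company name, written straight into the Windows directory"
        siblings = [p for p in by_second[e["time"]] if p != e["path"]]
        if siblings:
            reason += "; created in the same second as " + ", ".join(siblings)
        flagged.append((e["path"], reason))
    return flagged


# Sample input: a handful of lines copied from the OTL log in this thread.
SAMPLE_LINES = [
    r"[2011/04/04 16:25:18 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts",
    r"[2011/04/02 23:25:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe",
    r"[2011/04/02 23:25:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe",
    r"[2011/04/02 23:24:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT",
    r"[2011/03/10 23:36:49 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll",
    r"[2011/03/10 05:58:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Smolalega.dat",
    r"[2011/03/10 05:58:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ytatadu.bin",
    r"[2009/05/30 10:26:24 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Embmake.INI",
    r"[2008/03/25 17:21:16 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll",
    "< End of report >",
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LINES):
        print(f"{path}: {reason}")
```

Run against the sample it flags exactly Smolalega.dat and Ytatadu.bin, each noting the other as a same-second sibling; a hit is a lead for closer inspection, not proof of infection.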

fbfbfb
2011-04-05, 19:42
Hello Ken. Results of my ESET scan... Thank you very much.

C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\InstallCache\{05B64610-ED45-40AC-89A3-507F6B6A25B9}\Registry Reviver.msi a variant of Win32/SlowPCfighter application
C:\Documents and Settings\Owner\Application Data\Dell\Installers\PCTuneUp2.exe probably unknown NewHeur_PE virus
C:\Documents and Settings\Owner\Application Data\OpenCandy\OpenCandy_E46504FBC18F44E8AF8E3B7F9336AC1A\p1v1_PPIRegistryReviver_w.exe a variant of Win32/SlowPCfighter application
C:\Documents and Settings\Owner\Application Data\OpenCandy\OpenCandy_E46504FBC18F44E8AF8E3B7F9336AC1A\PPIRegistryReviverSetup.exe a variant of Win32/SlowPCfighter application
C:\Qoobox\Quarantine\C\WINDOWS\_rr_kscidp3.dll.vir a variant of Win32/Cimag.GA trojan
C:\System Volume Information\_restore{2F08FB2F-4FA4-4518-96B2-D72059EA7679}\RP1708\A0256505.dll a variant of Win32/Cimag.GA trojan

ken545
2011-04-05, 19:54
You had a bad entry in System Restore, there may be more

System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

Please follow the steps below to create a clean restore point:

Click Start > Run > copy and paste the following into the run box:

%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next.
Name it (something you'll remember) and click Create.
When the confirmation screen shows the restore point has been created click Close.


Then remove all previous Restore Points

Click Start > Run > copy and paste the following into the run box:

cleanmgr
Choose to scan drive C:\ (if C:\ is your main drive).
At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
Click on the Yes button.
When finished, click on Cancel button to exit.



Let me know how things are running now?

fbfbfb
2011-04-05, 22:58
Ken, successfully created a new restore point, but am having an issue removing all previous Restore Points through 'cleanmgr.' The dialogue box does not allow options to scan any drive, nor does it show a System Restore box where I can select 'More Options' and 'Clean up' buttons. Is something missing?

I am happy to report that my computer now appears to be very healthy and is running smoothly and quickly--better than new!

Will wait for further directions.

Thank you!

ken545
2011-04-06, 00:15
You can do it the old-fashioned way. When you turn off System Restore it will remove all the restore points, so make sure when you're done to create a new one.

System Restore makes regular backups of all your settings; if you ever had to use this program to restore your system to a previous date, you would be infected all over again, so we need to clean out the previous Restore Points.

Turn off System Restore.


Right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore on all Drives.
Click Apply, and then click OK.


Reboot your computer

Turn ON System Restore.


Right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore on all Drives.
Click Apply, and then click OK.


Create a new Restore Point <-- Very Important


Go to Start > All Programs > Accessories > System Tools > System Restore and create a New Restore Point

System Restore Tutorial (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- If you need it


Let me know how it went

fbfbfb
2011-04-06, 05:18
Success! Thank you very much, Ken.

I have one more question/problem that is directly related to Click.GiftLoad. If you feel that I should start a new thread, I will do that.

When Click.GiftLoad initially attacked my computer, it simultaneously affected my external hard drive. As a result, I was unable to use my computer at all because a blue screen bearing the following message kept appearing with each reboot:

STOP: 0x0000007B (0xF78A2524, 0xC0000034, 0x00000000, 0x00000000).

When it occurred to me to unplug my external hard drive, I was then able to access the computer.

My question is this: I would like to plug my external hard drive back in but am concerned that it may produce a blue screen again, and that my computer will be reinfected.

Any direction you can offer is sincerely appreciated. Thanks, Ken.

ken545
2011-04-06, 10:10
Good Morning

See if you can do this with the external plugged in

Please download Flash_Disinfector.exe (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) by sUBs and save it to your desktop:


Double-click Flash_Disinfector.exe to run it.
Follow any prompts that may appear.
Wait until the program has finished scanning, then please exit the program.
The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.


Please restart your computer.



If you can, I would copy all your documents and photos to a CD or flash drive and then format the drive to be sure it's all clean. If you're having problems with this I can link you to a Windows forum that can help.

fbfbfb
2011-04-07, 02:09
Thank you, Ken! Downloaded Flash Disinfector--worked beautifully, absolutely no problems. Then ran my Norton Antivirus scan on my external drive, including Spybot and Malwarebytes Anti-Malware--everything came out squeaky clean. Very happy about that. Do you still recommend I reformat my external drive?

Thank you!

ken545
2011-04-07, 09:58
Morning Fran,

I would say you're OK as long as all the scans came out clean. Looks like you're good to go.

Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups.



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)






Safe Surfn
Ken

fbfbfb
2011-04-07, 14:15
Thank you for all that you have done, Ken. Will indeed try to surf safely. Have a great day and a fabulous weekend ahead.

ken545
2011-04-07, 16:53
:bigthumb:

Take Care,
Ken :)

ken545
2011-04-12, 12:56
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.