View Full Version : new virus- can not get to internet now
toolman84
2011-04-20, 17:38
Hello,
5-6 days ago my McAfee virus protection ran out. I have had this for 3-4 years but was lax in renewing my subscription. I turned on the computer one morning and signed into Yahoo to check my email and I got hit with a virus. Typical ad propaganda saying I was infected and must click here to remove the virus. I tried to click on the McAfee icon to renew my subscription but I was thrown back to new virus-infected messages. I tried to run Malwarebytes but got the same error. I tried to go to the internet to download Spybot but the internet will not work now. (But I can connect to the internet with other computers through my wireless router, so it is my computer that is messed up, not the actual internet.)
I booted into safe mode and was able to run Malwarebytes. It found 6 duff trojans; one was Backdoor.Bot and Stolen.data if that means anything. It said it removed the files. But once I rebooted I still can not get to the internet.
I loaded a trial version of Norton. It too found viruses and removed them but still no internet.
I am attaching DDS files as advised. Any help is much appreciated!
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 10:22:56.62 on Wed 04/20/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1308 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
K:\Hackers\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:47392
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.8.0.5\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: {F0626A63-410B-45E2-99A1-3F2475B2D695} - No File
BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No File
TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
c:\documents and settings\owner\local settings\temp\de1.tmp\temp00
c:\documents and settings\owner\local settings\temp\de1.tmp\temp00
c:\documents and settings\owner\local settings\temp\de1.tmp\temp00
c:\documents and settings\owner\local settings\temp\de1.tmp\temp00
c:\documents and settings\owner\local settings\temp\de1.tmp\temp00
c:\documents and settings\owner\local settings\temp\de1.tmp\temp00
c:\documents and settings\owner\local settings\temp\de1.tmp\temp00
c:\documents and settings\owner\local settings\temp\de1.tmp\temp00
c:\documents and settings\owner\local settings\temp\de1.tmp\temp00
c:\documents and settings\owner\local settings\temp\de1.tmp\temp00
c:\documents and settings\owner\local settings\temp\de1.tmp\temp00
c:\documents and settings\owner\local settings\temp\de1.tmp\temp00
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Filter: text/html - {7ed929a6-11d5-4a82-9bd6-ecfabeed3b8c} -
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1108000.005\symds.sys [2011-4-19 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1108000.005\symefa.sys [2011-4-19 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20110419.001\BHDrvx86.sys [2011-4-19 802936]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1108000.005\cchpx86.sys [2011-4-19 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1108000.005\ironx86.sys [2011-4-19 116784]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-3-1 374152]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-4-4 47640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.8.0.5\ccsvchst.exe [2011-4-19 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-4-19 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20110419.002\IDSXpx86.sys [2011-4-19 341944]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20110419.034\NAVENG.SYS [2011-4-20 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20110419.034\NAVEX15.SYS [2011-4-20 1393144]
S2 0259741303160339mcinstcleanup;McAfee Application Installer Cleanup (0259741303160339);c:\docume~1\owner\locals~1\temp\025974~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\owner\locals~1\temp\025974~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [2009-5-5 55936]
S3 cpuz132;cpuz132;\??\c:\docume~1\owner\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-10-18 29744]
S3 meddmrr;meddmrr;c:\windows\system32\drivers\meddmrr.sys --> c:\windows\system32\drivers\meddmrr.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-11-16 88544]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-11-16 88544]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-4-10 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-4-10 40552]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\program files\msi\live update 5\DVDSYS32_100507.sys [2011-2-8 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\msi\live update 5\msibios32_100507.sys [2011-2-8 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\program files\msi\live update 5\VGASYS32_100507.sys [2011-2-8 16696]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\msi\live update 5\NTIOLib.sys [2011-2-8 7680]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys --> c:\windows\system32\drivers\activmouse.sys [?]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-12-14 551680]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-04-19 21:09:35 43696 ----a-w- c:\windows\system32\drivers\nav\1108000.005\srtspx.sys
2011-04-19 21:09:35 361904 ----a-w- c:\windows\system32\drivers\nav\1108000.005\symtdi.sys
2011-04-19 21:09:35 339504 ----a-w- c:\windows\system32\drivers\nav\1108000.005\symtdiv.sys
2011-04-19 21:09:35 328752 ----a-r- c:\windows\system32\drivers\nav\1108000.005\symds.sys
2011-04-19 21:09:35 173104 ----a-w- c:\windows\system32\drivers\nav\1108000.005\symefa.sys
2011-04-19 21:09:34 501888 ----a-w- c:\windows\system32\drivers\nav\1108000.005\cchpx86.sys
2011-04-19 21:09:34 325680 ----a-w- c:\windows\system32\drivers\nav\1108000.005\srtsp.sys
2011-04-19 21:09:34 116784 ----a-w- c:\windows\system32\drivers\nav\1108000.005\ironx86.sys
2011-04-19 21:09:21 -------- d-----w- c:\windows\system32\drivers\nav\1108000.005
2011-04-19 06:35:53 -------- d-----w- C:\NBRT
2011-04-19 02:45:12 -------- d-----w- c:\docume~1\owner\applic~1\Tific
2011-04-19 02:45:11 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Symantec
2011-04-18 21:42:06 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-04-18 21:42:06 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-18 21:42:05 -------- d-----w- c:\program files\Symantec
2011-04-18 21:36:44 -------- d-----w- c:\windows\system32\drivers\NAV
2011-04-18 21:36:39 -------- d-----w- c:\program files\Norton AntiVirus
2011-04-18 20:56:09 -------- d-----w- c:\program files\NortonInstaller
2011-04-18 20:52:44 -------- d-----w- c:\program files\trend micro
2011-04-05 01:41:43 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\LogMeIn
2011-04-05 01:41:38 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-04-05 01:41:37 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-04-05 01:41:37 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2011-04-05 01:41:37 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-04-05 01:41:27 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-04-05 01:41:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\LogMeIn
2011-04-05 01:41:04 -------- d-----w- c:\program files\LogMeIn
2011-04-05 01:39:07 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Deployment
2011-03-23 22:55:04 -------- d-----w- c:\docume~1\owner\applic~1\.minecraft
.
==================== Find3M ====================
.
2011-04-16 13:50:27 5104 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-18 21:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-04 22:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 22:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 10:23:59.50 ===============
Previous thread for different computer: http://forums.spybot.info/showthread.php?t=61858
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
We only fix one computer at a time; trying to fix them both in the same thread can be very challenging and confusing, so we will work on this one first and when we're done you can start a new thread for the other one.
Open up Malwarebytes and go to the Reports tab, open the one that removed the trojans, and copy and paste it into this thread for me to see.
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button. Your system may start up slower after running ATF Cleaner; this is expected but will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your password and other personal information, as removing cookies will temporarily disable the auto-login facility.
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
toolman84
2011-04-26, 16:58
Malwarebytes' Anti-Malware 1.41
Database version: 3070
Windows 5.1.2600 Service Pack 3 (Safe Mode)
4/18/2011 3:50:27 PM
mbam-log-2011-04-18 (15-50-27).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 512424
Time elapsed: 3 hour(s), 15 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
toolman84
2011-04-26, 16:59
--- Report generated: 2011-04-20 11:44 ---
Babylon.Toolbar: [SBI $3BE29F71] Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}
Babylon.Toolbar: [SBI $AA4747ED] Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\AppID\escort.DLL
Babylon.Toolbar: [SBI $B04483F7] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Babylon.Toolbar: [SBI $B04483F7] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Babylon.Toolbar: [SBI $B04483F7] Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}
Babylon.Toolbar: [SBI $E0B59C7B] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}
Babylon.Toolbar: [SBI $2059D587] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{3718D0AF-A3B8-4F5E-86F3-FAD8D02043BE}
Babylon.Toolbar: [SBI $9230BC9B] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{78868069-5D96-4B47-BE52-3D625EE3D7CB}
Babylon.Toolbar: [SBI $4AB6C1F6] Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Babylon.Toolbar: [SBI $295D1CA8] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}
Babylon.Toolbar: [SBI $4E46F835] Program directory (Directory, fixed)
C:\Documents and Settings\Owner\Application Data\BabylonToolbar\
Babylon.Toolbar: [SBI $1AA9620D] Program directory (Directory, fixed)
C:\Documents and Settings\Owner\Application Data\BabylonToolbar\BabylonToolbar\
Babylon.Toolbar: [SBI $5FA838EA] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
GameVance: [SBI $814EF0E0] Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\AppID\{0D4A3EEA-527E-4FD8-9B2F-089B616670B8}
GameVance: [SBI $B5D06EC7] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{0AB02D6C-F605-425F-B7CB-B9E96C9FAF1E}
GameVance: [SBI $9DB72EEB] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{32864A05-9D09-472C-ABD0-081818EC713B}
MyWay.MyWebSearch: [SBI $205CC8F2] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-3752288439-2540334056-98708768-1006\Software\FunWebProducts
DoubleD.HottieStarToolbar: [SBI $AEBC0FD4] Program directory (Directory, fixed)
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\
DoubleD.HottieStarToolbar: [SBI $FB4B7111] Program directory (Directory, fixed)
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\Data\
FastBrowserSearchToolbar: [SBI $278DF143] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-3752288439-2540334056-98708768-1006\Software\TBSB07183
FastBrowserSearchToolbar: [SBI $E62EEFC5] Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\AppID\{055069F3-F78B-4BD1-A277-FE66648D3300}
FastBrowserSearchToolbar: [SBI $973A4586] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TBSB07183.IEToolbar
FastBrowserSearchToolbar: [SBI $973A4586] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TBSB07183.IEToolbar.1
FastBrowserSearchToolbar: [SBI $973A4586] Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
FastBrowserSearchToolbar: [SBI $6408FC9D] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TBSB07183.TBSB07183
FastBrowserSearchToolbar: [SBI $6408FC9D] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TBSB07183.TBSB07183.3
FastBrowserSearchToolbar: [SBI $A8958436] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Toolbar3.XBTBPos00
FastBrowserSearchToolbar: [SBI $A8958436] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Toolbar3.XBTBPos00.1
FastBrowserSearchToolbar: [SBI $A8958436] Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
FastBrowserSearchToolbar: [SBI $A8958436] Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
FastBrowserSearchToolbar: [SBI $B4FBE6F2] Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}
FastBrowserSearchToolbar: [SBI $BB006F6E] Uninstall settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TBSB07183.TBSB07183Toolbar
FastBrowserSearchToolbar: [SBI $A4154B21] Web page (File, fixed)
C:\Program Files\Fast Browser Search\IE\about.html
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $5AA4191C] Data (File, fixed)
C:\Program Files\Fast Browser Search\IE\affid.dat
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $720425FF] Web page (File, fixed)
C:\Program Files\Fast Browser Search\IE\basis.xml
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $275AF922] Executable (File, fixed)
C:\Program Files\Fast Browser Search\IE\ClearRecycleBin.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $E04604B4] Web page (File, fixed)
C:\Program Files\Fast Browser Search\IE\error.html
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $DA8B9919] Web page (File, fixed)
C:\Program Files\Fast Browser Search\IE\FbsSearchProvider.xml
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $B64CB451] Executable (File, fixed)
C:\Program Files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $2F2B2D21] Library (File, fixed)
C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $85000F55] Picture (File, fixed)
C:\Program Files\Fast Browser Search\IE\icons.bmp
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $59ABBCAC] Text file (File, fixed)
C:\Program Files\Fast Browser Search\IE\info.txt
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $2F7EEF57] Web page (File, fixed)
C:\Program Files\Fast Browser Search\IE\local.xml
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $B0128362] Picture (File, fixed)
C:\Program Files\Fast Browser Search\IE\logobg.bmp
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $C2D3F77D] Web page (File, fixed)
C:\Program Files\Fast Browser Search\IE\MTWBtoolbar.html
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $D098C907] Picture (File, fixed)
C:\Program Files\Fast Browser Search\IE\search.bmp
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $B5C70AC2] Library (File, fixed)
C:\Program Files\Fast Browser Search\IE\tbhelper.dll
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $17F4D535] Data (File, fixed)
C:\Program Files\Fast Browser Search\IE\tbs_include_script_003175.js
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $17F4D535] Data (File, fixed)
C:\Program Files\Fast Browser Search\IE\tbs_include_script_005064.js
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $17F4D535] Data (File, fixed)
C:\Program Files\Fast Browser Search\IE\tbs_include_script_012817.js
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $537164D5] Web page (File, fixed)
C:\Program Files\Fast Browser Search\IE\Toolbar Help.htm
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $23349B81] Executable (File, fixed)
C:\Program Files\Fast Browser Search\IE\uninstall.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $BE9D2D39] Executable (File, fixed)
C:\Program Files\Fast Browser Search\IE\update.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $D4512209] Text file (File, fixed)
C:\Program Files\Fast Browser Search\IE\version.txt
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
FastBrowserSearchToolbar: [SBI $73BEB1A5] Program directory (Directory, fixed)
c:\Program Files\Fast Browser Search\
FastBrowserSearchToolbar: [SBI $C0B9EED1] Program directory (Directory, fixed)
C:\Program Files\Fast Browser Search\IE\
Microsoft.Windows.Security.FirewallOpenPorts: [SBI $C57A14B8] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\443:TCP
Microsoft.Windows.Security.FirewallOpenPorts: [SBI $2E459982] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\443:TCP
Microsoft.Windows.Security.InternetExplorer: [SBI $A3433CBF] Settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-3752288439-2540334056-98708768-1006\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-04-20 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-04-19 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-04-20 Includes\TrojansC-02.sbi (*)
2011-04-18 Includes\TrojansC-03.sbi (*)
2011-04-18 Includes\TrojansC-04.sbi (*)
2011-04-11 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
toolman84
2011-04-26, 17:01
OTL logfile created on: 4/26/2011 9:44:55 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.75 Gb Total Space | 32.74 Gb Free Space | 22.78% Space Free | Partition Type: NTFS
Drive D: | 5.28 Gb Total Space | 3.53 Gb Free Space | 66.74% Space Free | Partition Type: FAT32
Drive K: | 1.92 Gb Total Space | 1.00 Gb Free Space | 52.09% Space Free | Partition Type: FAT
Computer Name: JESSE-ROOM | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online)
PRC - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
PRC - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe (America Online Inc)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (gusvc) -- File not found
SRV - (0259741303160339mcinstcleanup) McAfee Application Installer Cleanup (0259741303160339) -- File not found
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe (Symantec Corporation)
SRV - (GameConsoleService) -- C:\Program Files\WildTangent\Apps\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (America Online)
SRV - (AOL TopSpeedMonitor) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
========== Driver Services (SafeList) ==========
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20110425.037\NAVEX15.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20110425.037\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20110419.001\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20110425.001\IDSXpx86.sys (Symantec Corporation)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (NTIOLib_1_0_4) -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys (MSI)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (MSI_DVD_010507) -- C:\Program Files\MSI\Live Update 5\DVDSYS32_100507.sys (Your Corporation)
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys (Your Corporation)
DRV - (MSI_VGASYS_010507) -- C:\Program Files\MSI\Live Update 5\VGASYS32_100507.sys ()
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1108000.005\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SRTSPX.SYS (Symantec Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\NAV\1108000.005\ccHPx86.sys (Symantec Corporation)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMDS.SYS (Symantec Corporation)
DRV - (ActivHidSerMini) -- C:\WINDOWS\system32\drivers\activhidsermini.sys (Promethean Technologies Ltd)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (elagopro) -- C:\WINDOWS\system32\drivers\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr) -- C:\WINDOWS\system32\drivers\elaunidr.sys (Gteko Ltd.)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (mr7910) -- C:\WINDOWS\system32\drivers\mr7910.sys (Mars Semiconductor Corp.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5048A
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:47392
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5048A
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:47392
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:47392
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/01/12 20:47:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2011/04/19 17:09:19 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2011/04/18 22:46:40 | 000,000,185 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] File not found
O4 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006..\Run: [McAfee Update] File not found
O4 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006..\Run: [yaciijla] File not found
O4 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006..\RunOnce: [Shockwave Updater] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 05:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b6b7cf73-5ec8-11db-aef6-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b6b7cf73-5ec8-11db-aef6-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b6b7cf73-5ec8-11db-aef6-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/26 09:42:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/04/26 09:39:39 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2011/04/20 11:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/20 11:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy2
[2011/04/19 17:09:35 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symtdi.sys
[2011/04/19 17:09:35 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symtdiv.sys
[2011/04/19 17:09:35 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symds.sys
[2011/04/19 17:09:35 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symefa.sys
[2011/04/19 17:09:35 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtspx.sys
[2011/04/19 17:09:34 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\cchpx86.sys
[2011/04/19 17:09:34 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtsp.sys
[2011/04/19 17:09:34 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\ironx86.sys
[2011/04/19 17:09:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1108000.005
[2011/04/19 02:35:53 | 000,000,000 | ---D | C] -- C:\NBRT
[2011/04/18 22:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific
[2011/04/18 22:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Symantec
[2011/04/18 17:42:06 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/04/18 17:42:06 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/04/18 17:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/04/18 17:36:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2011/04/18 17:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/04/18 17:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2011/04/18 17:36:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus
[2011/04/18 16:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/04/18 16:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/04/18 16:52:42 | 000,000,000 | ---D | C] -- C:\rsit
[2011/04/05 11:49:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\TravelDriveJ
[2011/04/04 21:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn
[2011/04/04 21:41:37 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/04/04 21:41:37 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2011/04/04 21:41:37 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011/04/04 21:41:27 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/04/04 21:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/04/04 21:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2011/04/04 21:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Deployment
[2011/03/28 21:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Firmware
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/26 09:35:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/04/26 09:33:32 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2011/04/26 09:14:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/26 09:14:01 | 2137,247,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/25 09:57:50 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/04/22 07:22:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/20 11:01:55 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/20 11:01:55 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/04/19 22:11:25 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Antivirus.LNK
[2011/04/19 22:10:08 | 000,683,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\Cat.DB
[2011/04/18 22:46:40 | 000,000,185 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/18 17:42:06 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/04/18 17:42:06 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/04/18 17:42:06 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/04/18 17:42:05 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/04/15 08:49:27 | 000,204,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 04:13:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/08 09:38:30 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/04 21:41:24 | 000,001,024 | ---- | M] () -- C:\.rnd
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/20 21:21:47 | 2137,247,744 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/20 11:01:55 | 000,000,958 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/20 11:01:55 | 000,000,940 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/04/19 22:09:59 | 000,683,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\Cat.DB
[2011/04/19 17:09:35 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symefa.cat
[2011/04/19 17:09:35 | 000,007,787 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symnetv.cat
[2011/04/19 17:09:35 | 000,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symds.cat
[2011/04/19 17:09:35 | 000,007,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symnet.cat
[2011/04/19 17:09:35 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symefa.inf
[2011/04/19 17:09:35 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symds.inf
[2011/04/19 17:09:35 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symnetv.inf
[2011/04/19 17:09:35 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symnet.inf
[2011/04/19 17:09:34 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtspx.cat
[2011/04/19 17:09:34 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtsp.cat
[2011/04/19 17:09:34 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\iron.cat
[2011/04/19 17:09:34 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\cchpx86.cat
[2011/04/19 17:09:34 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\cchpx86.inf
[2011/04/19 17:09:34 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtspx.inf
[2011/04/19 17:09:34 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtsp.inf
[2011/04/19 17:09:34 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\iron.inf
[2011/04/19 17:09:21 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\isolate.ini
[2011/04/18 17:42:06 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/04/18 17:42:06 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/04/18 17:41:44 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Antivirus.LNK
[2011/04/04 21:41:22 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/04/04 21:41:12 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
[2011/03/28 21:25:53 | 005,642,244 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\kernelcache.release.n90
[2011/03/28 21:25:53 | 000,002,078 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Restore.plist
[2011/03/28 21:25:52 | 005,655,364 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\kernelcache.release.k48
[2011/03/28 21:25:52 | 005,561,796 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\kernelcache.release.n81
[2011/03/28 21:25:51 | 015,444,292 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\038-0032-002.dmg
[2011/03/28 21:25:51 | 000,022,707 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\BuildManifest.plist
[2011/03/28 21:25:50 | 015,423,812 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\038-0024-002.dmg
[2011/03/28 21:25:33 | 601,067,520 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\038-0019-002.dmg
[2011/01/11 19:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2010/12/17 11:12:42 | 000,080,416 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/12/16 09:53:33 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
[2010/09/26 14:47:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/09/14 22:27:56 | 000,116,088 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/27 14:10:09 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\winscp.rnd
[2009/11/22 22:49:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/15 22:09:52 | 000,041,272 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/13 21:51:24 | 000,002,438 | ---- | C] () -- C:\WINDOWS\th1234.dat
[2009/01/12 21:21:57 | 000,000,091 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/24 17:10:11 | 000,000,041 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008/08/17 14:23:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/08/17 14:23:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/08/17 14:23:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/08/17 14:23:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\VFind.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/16 11:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/04/10 00:55:49 | 000,204,920 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/05 14:04:21 | 000,001,695 | ---- | C] () -- C:\WINDOWS\System32\clbcfg.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/20 12:06:21 | 000,000,654 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2007/07/20 12:04:30 | 000,001,054 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/07/20 12:04:24 | 000,000,206 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/07/20 09:35:40 | 000,000,483 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2007/06/24 13:14:43 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2007/03/24 17:42:27 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/15 16:56:25 | 000,000,255 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/02/12 15:56:23 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/02/01 11:30:42 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2007/02/01 11:30:36 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2007/02/01 11:30:36 | 000,002,763 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/02/01 11:26:22 | 000,000,263 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/01/28 14:44:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/01/16 11:37:00 | 000,002,165 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/05 17:53:26 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/12/25 07:45:31 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/12/25 07:44:32 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2006/12/25 07:44:31 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2006/12/25 07:42:10 | 000,004,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2006/10/18 13:11:47 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/18 13:10:03 | 000,550,912 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2006/10/18 13:10:03 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006/10/18 13:10:03 | 000,042,040 | ---- | C] () -- C:\WINDOWS\PatchWnd.exe
[2006/10/18 13:10:03 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2006/10/18 13:10:03 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2006/10/18 13:10:03 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2006/10/18 13:09:43 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/10/18 13:09:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/10/18 13:04:23 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe
[2006/06/21 05:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 05:12:42 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2006/06/20 23:53:34 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006/06/17 05:37:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/17 05:24:58 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 05:24:57 | 000,000,472 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 05:23:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/06/17 05:23:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/06/17 05:23:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/06/17 05:23:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/06/17 05:23:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/06/17 05:23:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/06/17 05:23:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/06/17 05:23:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/06/17 05:23:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/06/17 05:23:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/06/16 22:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/03/24 06:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
========== LOP Check ==========
[2006/10/18 13:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2010/12/16 09:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activ Software
[2007/09/03 16:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Armagetron
[2007/01/08 18:48:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/09/13 21:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2009/12/20 18:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2009/02/06 15:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/04/26 09:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/12/16 14:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/10/10 14:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netop
[2010/06/17 01:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/12/16 09:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Promethean
[2010/09/13 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/11/19 17:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/04/15 10:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/13 19:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/03/21 20:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/12 17:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/13 01:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/28 21:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/02 14:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\connection39\Application Data\Promethean
[2006/10/18 13:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\connection39\Application Data\SampleView
[2008/06/18 03:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\connection39\Application Data\Viewpoint
[2009/01/10 15:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\connection39\Application Data\Windows Desktop Search
[2006/10/18 13:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2006/10/18 13:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\SampleView
[2009/07/15 11:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Windows Desktop Search
[2011/03/23 18:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2009/01/12 20:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Any Video Converter
[2007/09/03 16:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Armagetron
[2011/04/05 00:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2010/09/14 19:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Blackberry Desktop
[2010/09/26 20:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverFinder
[2009/12/20 18:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EmailNotifier
[2010/05/24 21:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2011/02/25 23:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameTuts
[2008/01/16 21:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2009/12/20 18:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ooVoo Details
[2010/01/25 09:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\oovootb
[2009/10/21 21:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2008/01/04 18:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2010/11/24 23:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
[2009/10/07 21:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Promethean
[2009/12/12 11:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\quickhit.football.QHFootball.4D5206CA741FBF5FD6AAD1A97F5076E917382B34.1
[2010/09/13 21:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
[2006/10/18 13:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/07/14 11:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop
[2006/12/25 07:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2011/04/18 22:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific
[2007/04/15 10:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2007/01/02 00:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WildTangent
[2008/10/08 20:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2009/09/22 10:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2006/12/25 07:33:24 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040
< End of report >
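Reading OTL output by hand is tedious, and the items a helper actually cares about in these logs (unsigned executables sitting directly in C:\WINDOWS, the NTFS alternate data stream listed just above, the shell-spawning handlers and the firewall "Authorized Applications" list in the OTL Extras log that follows) are spread over hundreds of lines. The script below is an added example for this thread; it is not part of the original post and not OTL's own code. It parses the four OTL line shapes visible in this thread and returns a list of entries worth a manual look. The sample input is constructed in OTL's format from shortened and renamed versions of the kinds of entries posted here, plus one made-up hijacked exefile handler (the log posted below shows the clean default `"%1" %*`); the rule names, the `triage()` function and the `Finding` type are this example's own. A flag is a request for review, not a verdict: unsigned executables in the Windows root, for instance, are often dropped there by legitimate cleanup utilities.

```python
"""Triage helper for OTL log text (added example; not part of the original post or
of OTL itself). Recognises four OTL line shapes and flags entries worth a manual
look. A flag means "review", not "malicious"."""
import re
from dataclasses import dataclass
from typing import List

# [2011/04/04 21:41:22 | 000,001,024 | ---- | C] () -- C:\.rnd
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
# @Alternate Data Stream - 115 bytes -> C:\...\TEMP:C7F04040
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
# exefile [open] -- "%1" %*
SHELL_RE = re.compile(r"^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.+)$")
# "C:\x.exe" = C:\x.exe:*:Enabled:Friendly Name -- (Company)
FW_RE = re.compile(
    r'^"(?P<key>[^"]+)" = (?P<path>.+?):(?P<scope>\*|LocalSubNet):'
    r"(?P<state>Enabled|Disabled):(?P<name>.*?)(?: -- \((?P<company>[^)]*)\))?$")

EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".sys")
USER_WRITABLE = ("\\documents and settings\\", "\\windows\\temp\\")  # XP user-writable roots
# XP defaults; a changed exefile handler is how a rogue "antivirus" intercepts every launch.
EXPECTED_SHELL = {
    ("exefile", "open"): '"%1" %*', ("comfile", "open"): '"%1" %*', ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*', ("piffile", "open"): '"%1" %*', ("regfile", "merge"): 'regedit.exe "%1"',
}


@dataclass
class Finding:
    rule: str
    path: str
    detail: str = ""


def _user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def _in_windows_root(path: str) -> bool:
    """True for C:\\WINDOWS\\foo.exe, False for anything in a subfolder such as System32."""
    low, prefix = path.lower(), "c:\\windows\\"
    return low.startswith(prefix) and "\\" not in low[len(prefix):]


def triage(log_text: str) -> List[Finding]:
    """Return the OTL entries worth a second look, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            path, company = m["path"], (m["company"] or "").strip()
            if "D" in m["attr"] or not path.lower().endswith(EXEC_EXT):
                continue  # directories and non-executable data files
            if _user_writable(path):
                findings.append(Finding("exec-in-user-profile", path, f"created {m['ts']}"))
            elif _in_windows_root(path) and not company:
                findings.append(Finding("unsigned-exec-in-windows-root", path, f"created {m['ts']}"))
        elif m := ADS_RE.match(line):
            host, _, stream = m["target"].rpartition(":")  # last colon separates the stream name
            findings.append(Finding("alternate-data-stream", host, f"stream={stream} size={m['size']}"))
        elif m := SHELL_RE.match(line):
            expected = EXPECTED_SHELL.get((m["cls"].lower(), m["verb"].lower()))
            if expected is None:
                continue  # no known-good value for this handler
            if m["cmd"].startswith("Reg Error"):
                findings.append(Finding("shell-association-unreadable", m["cls"], m["cmd"]))
            elif m["cmd"] != expected:
                findings.append(Finding("shell-association-modified", m["cls"], m["cmd"]))
        elif m := FW_RE.match(line):
            path, name, company = m["path"], m["name"].strip(), (m["company"] or "").strip()
            reasons = []
            if _user_writable(path):
                reasons.append("runs from a user-writable folder")
            if name.lower() == path.lower():
                reasons.append("no friendly name, rule labelled with the path itself")
            if reasons and m["state"] == "Enabled":
                if not company:
                    reasons.append("no company name in version info")
                findings.append(Finding("firewall-authorized-app", path, "; ".join(reasons)))
    return findings


# Constructed sample in OTL's format: shortened/renamed versions of the kinds of
# entries in this thread plus one made-up hijacked exefile handler (the posted
# log shows the clean default). Not taken from any real machine.
SAMPLE_LOG = r"""
[2011/01/11 19:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2008/08/17 14:23:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\VFind.exe
[2006/10/18 13:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\SampleView
[2011/04/19 22:10:00 | 000,061,440 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\sample.exe
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040
exefile [open] -- "C:\Documents and Settings\Owner\Local Settings\Application Data\sample.exe" -a "%1" %*
regfile [merge] -- Reg Error: Key error.
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Documents and Settings\Owner\My Documents\Vuze Downloads\track.exe" = C:\Documents and Settings\Owner\My Documents\Vuze Downloads\track.exe:*:Enabled:C:\Documents and Settings\Owner\My Documents\Vuze Downloads\track.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:30} {f.path}  [{f.detail}]")
```

To use it on a real log, read the saved OTL.txt / Extras.txt into a string and pass it to `triage()`. The firewall rule is the one most likely to pay off on this machine: an enabled exception for an .exe sitting in a torrent download folder under My Documents, labelled only with its own path and with no company name, as the Extras log below contains, is exactly the kind of entry a helper should ask about before clearing the system. The shell-association check catches the classic rogue-antivirus trick of rewriting the exefile handler so that every program launch runs through the malware first; here the posted log already shows the clean default, so the check passes.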
toolman84
2011-04-26, 17:02
OTL Extras logfile created on: 4/26/2011 9:44:55 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.75 Gb Total Space | 32.74 Gb Free Space | 22.78% Space Free | Partition Type: NTFS
Drive D: | 5.28 Gb Total Space | 3.53 Gb Free Space | 66.74% Space Free | Partition Type: FAT32
Drive K: | 1.92 Gb Total Space | 1.00 Gb Free Space | 52.09% Space Free | Partition Type: FAT
Computer Name: JESSE-ROOM | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57340:TCP" = 57340:TCP:*:Enabled:Pando Media Booster
"57340:UDP" = 57340:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3776:UDP" = 3776:UDP:*:Enabled:Media Center Extender Service
"3390:TCP" = 3390:TCP:*:Enabled:Remote Media Center Experience
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"57340:TCP" = 57340:TCP:*:Enabled:Pando Media Booster
"57340:UDP" = 57340:UDP:*:Enabled:Pando Media Booster
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1161191515\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1161191515\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe" = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe:*:Enabled:AirMouse
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM
"C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Documents and Settings\Owner\My Documents\Vuze Downloads\Drake - Unforgettable Feat. Young Jeezy Radio Rip - PromoDat.com\Drake - Unforgettable Feat. Young Jeezy Radio Rip - PromoDat.com.exe" = C:\Documents and Settings\Owner\My Documents\Vuze Downloads\Drake - Unforgettable Feat. Young Jeezy Radio Rip - PromoDat.com\Drake - Unforgettable Feat. Young Jeezy Radio Rip - PromoDat.com.exe:*:Enabled:C:\Documents and Settings\Owner\My Documents\Vuze Downloads\Drake - Unforgettable Feat. Young Jeezy Radio Rip - PromoDat.com\Drake - Unforgettable Feat. Young Jeezy Radio Rip - PromoDat.com.exe
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host
"C:\Program Files\Netop\Vision\Plugins\Pointer\MPointer.exe" = C:\Program Files\Netop\Vision\Plugins\Pointer\MPointer.exe:*:Enabled:Pointer
"C:\Program Files\Netop\Vision\XL\MeSuAx.exe" = C:\Program Files\Netop\Vision\XL\MeSuAx.exe:*:Enabled:Vision
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700" = Canon iP1700
"{13AAD7FE-A6AE-417A-A835-290CAA139B90}" = Ultimate Solitaire 1000
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18472E28-FCA0-421F-BDAC-AC65012E29F2}" = ArcSoft MediaImpression
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FE964A-853B-4176-86D7-9E18B5CA1FC0}" = Media Center Extender
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}" = LogMeIn
"{67183F00-3DDC-497B-A090-4E2B79EAF1CD}" = Photo Viewer
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110500840}" = Mahjong Towers Eternity
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D9B5CB4C-ACA5-483F-900F-5A5B5F511033}" = Nero BackItUp 2 Essentials
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EE7C3A14-1D20-49F6-B903-491561076F0F}" = ArcSoft Software Suite
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"693218053459EBF14C6505EA1172F17672B50DD1" = Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"America Online us" = America Online (Choose which version to remove)
"Ancient Tripeaks" = Ancient Tripeaks
"Any Video Converter_is1" = Any Video Converter 2.6.7
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"Atlantica" = Atlantica
"Atlantica Online" = Atlantica Online
"ATT-PRT22" = ATT-PRT22
"b6496738c533a699d9fd84019cbbb409" = COLLAPSE!
"BellsouthHelpCenter4.0b_is1" = FastAccess® DSL Help Center 4.3
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"BroadJump Client Foundation" = BroadJump Client Foundation
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"EHome Devices" = Media Center Extender
"Gateway Game Console" = Gateway Game Console
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Indeo® software" = Indeo® software
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"InterActual Player" = InterActual Player
"Liveupdate5_is1" = Liveupdate5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstall Wizard
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Monopoly" = Monopoly
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NAV" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"pball6" = 3D Ultra Pinball Thrillride
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Port Magic" = Pure Networks Port Magic
"RealPlayer 6.0" = RealPlayer
"Text Twist 2" = Text Twist 2 (remove only)
"Unlocker" = Unlocker 1.8.6
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/18/2011 4:46:05 PM | Computer Name = JESSE-ROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 4/18/2011 4:46:05 PM | Computer Name = JESSE-ROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 4/18/2011 4:46:05 PM | Computer Name = JESSE-ROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 4/18/2011 4:46:05 PM | Computer Name = JESSE-ROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 4/18/2011 4:46:05 PM | Computer Name = JESSE-ROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 4/18/2011 5:42:29 PM | Computer Name = JESSE-ROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established
Error - 4/18/2011 5:42:31 PM | Computer Name = JESSE-ROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 4/18/2011 5:42:31 PM | Computer Name = JESSE-ROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 4/18/2011 5:44:07 PM | Computer Name = JESSE-ROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established
Error - 4/19/2011 7:43:31 AM | Computer Name = JESSE-ROOM | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog
[ OSession Events ]
Error - 7/30/2010 6:25:57 PM | Computer Name = JESSE-ROOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 37
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/30/2010 6:26:14 PM | Computer Name = JESSE-ROOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/30/2010 6:27:12 PM | Computer Name = JESSE-ROOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 53
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/30/2010 6:27:35 PM | Computer Name = JESSE-ROOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/30/2010 6:29:03 PM | Computer Name = JESSE-ROOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 81
seconds with 60 seconds of active time. This session ended with a crash.
Error - 9/7/2010 10:02:10 PM | Computer Name = JESSE-ROOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1122
seconds with 120 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 4/20/2011 1:40:58 PM | Computer Name = JESSE-ROOM | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31
Error - 4/20/2011 1:40:58 PM | Computer Name = JESSE-ROOM | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31
Error - 4/20/2011 1:40:58 PM | Computer Name = JESSE-ROOM | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31
Error - 4/20/2011 1:40:58 PM | Computer Name = JESSE-ROOM | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31
Error - 4/20/2011 1:40:58 PM | Computer Name = JESSE-ROOM | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31
Error - 4/20/2011 1:40:58 PM | Computer Name = JESSE-ROOM | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31
Error - 4/20/2011 1:40:58 PM | Computer Name = JESSE-ROOM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD BHDrvx86 ccHP eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSP SRTSPX SymIRON
SYMTDI
Tcpip
Error - 4/20/2011 1:44:32 PM | Computer Name = JESSE-ROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 4/20/2011 1:44:33 PM | Computer Name = JESSE-ROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 4/20/2011 9:20:38 PM | Computer Name = JESSE-ROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
< End of report >
Hi,
I am at work with limited internet, so I am going to have you remove some entries with OTL, which may get your internet back. I will have to look over the new log a bit later when you post it.
Back up your registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:47392
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:47392
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:47392
O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
:Services
:Reg
:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
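Added here as an editorial example, not part of the original thread and not a tool from OTL, Spybot or the helper above: a small Python triage script that reads OTL-format log lines and pulls out the two things the fix script above targets. It groups the IE "Internet Settings" lines by user hive and flags any hive where ProxyEnable is 1 and ProxyServer points at a loopback address (the 127.0.0.1:47392 entries in this thread are that pattern; once the process that was listening there is gone, the browser is left pointing at a dead proxy and cannot reach anything, while other machines on the same router are fine). It also lists O3 toolbar entries with no CLSID and O4 Run entries whose file is missing, the orphans the fix removes. The sample lines are copied from the logs posted in this thread (the S-1-5-21 hive lines are from the post-fix log, so they show the cleaned state); the regexes and function names are mine.

```python
import re
from ipaddress import ip_address

# Constructed sample: lines copied from the OTL logs in this thread, mixing the
# pre-fix proxy settings for HKU\.DEFAULT with the post-fix (cleaned) settings
# for the user's own hive, plus one orphan toolbar, one orphan Run entry and
# one legitimate Run entry for contrast.
SAMPLE_LOG = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:47392
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O4 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006..\Run: [yaciijla] File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
"""

# OTL prints IE proxy settings as:  IE - <hive>\...\Internet Settings: "<name>" = <value>
IE_SETTING_RE = re.compile(
    r'^IE - (?P<hive>HK[A-Z]+\\[^\\]+)\\.*Internet Settings: "(?P<name>\w+)" =\s*(?P<value>.*)$'
)
# O3 toolbars whose CLSID no longer resolves, and O4 autoruns whose file is gone.
ORPHAN_RE = re.compile(r'^(O3 - .*No CLSID value found\.|O4 - .*File not found)$')


def parse_ie_settings(log_text):
    """Return {hive: {setting_name: value}} for every IE Internet Settings line."""
    hives = {}
    for line in log_text.splitlines():
        m = IE_SETTING_RE.match(line.strip())
        if m:
            hives.setdefault(m['hive'], {})[m['name']] = m['value'].strip()
    return hives


def proxy_hosts(proxy_server):
    """Yield the host part of each entry in an IE ProxyServer value.
    Accepts 'host:port', 'http=host:port' and ';'-separated lists of those."""
    for part in proxy_server.split(';'):
        part = part.strip()
        if not part:
            continue
        if '=' in part:                      # strip a 'http=' / 'https=' scheme prefix
            part = part.split('=', 1)[1]
        host = part.rsplit(':', 1)[0] if ':' in part else part
        yield host.strip('[]')               # tolerate bracketed IPv6 literals


def is_loopback_host(host):
    if host.lower() == 'localhost':
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:                       # a DNS name or garbage: not loopback
        return False


def is_loopback_proxy(proxy_server):
    """True if any proxy in the value points back at this machine."""
    return any(is_loopback_host(h) for h in proxy_hosts(proxy_server))


def loopback_proxy_hives(hives):
    """List (hive, ProxyServer) for hives with an enabled loopback proxy."""
    findings = []
    for hive, settings in hives.items():
        if settings.get('ProxyEnable') == '1' and is_loopback_proxy(settings.get('ProxyServer', '')):
            findings.append((hive, settings['ProxyServer']))
    return findings


def orphan_entries(log_text):
    """Lines for toolbars with no CLSID and Run entries whose file is missing."""
    return [l.strip() for l in log_text.splitlines() if ORPHAN_RE.match(l.strip())]


def triage(log_text):
    return {
        'loopback_proxies': loopback_proxy_hives(parse_ie_settings(log_text)),
        'orphans': orphan_entries(log_text),
    }


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for hive, proxy in result['loopback_proxies']:
        print(f'enabled loopback proxy in {hive}: {proxy}')
    for line in result['orphans']:
        print(f'orphan entry: {line}')
```

To run it against a real OTL log, read the file into a string and pass it to `triage()`; an enabled proxy on a loopback address in the .DEFAULT or S-1-5-18 (SYSTEM) hives is worth a look even on a machine that browses fine, because those hives are not the one an interactive user normally sets a proxy in.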
toolman84
2011-04-27, 17:24
I followed your instructions below, and I tried the internet again, and it works now! Can you tell me what the key thing was, like releasing the IP? Did the virus really do this? I'm attaching the logs and thanks so much for your help!
All processes killed
========== PROCESSES ==========
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-3752288439-2540334056-98708768-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3752288439-2540334056-98708768-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-3752288439-2540334056-98708768-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
Registry value HKEY_USERS\S-1-5-21-3752288439-2540334056-98708768-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : launchmodem.com
IP Address. . . . . . . . . . . . : 192.168.2.109
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: connection39
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 3472 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 1234 bytes
User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Owner
->Temp folder emptied: 884387 bytes
->Temporary Internet Files folder emptied: 95245 bytes
->Java cache emptied: 80310157 bytes
->Apple Safari cache emptied: 9627648 bytes
->Flash cache emptied: 3514324 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 6652953 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25178559 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 88928152 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32969 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 205.00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04272011_094401
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_250.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_600.dat not found!
Registry entries deleted on Reboot...
toolman84
2011-04-27, 17:25
OTL logfile created on: 4/27/2011 9:53:59 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.75 Gb Total Space | 32.88 Gb Free Space | 22.87% Space Free | Partition Type: NTFS
Drive D: | 5.28 Gb Total Space | 3.53 Gb Free Space | 66.74% Space Free | Partition Type: FAT32
Drive K: | 1.92 Gb Total Space | 1.00 Gb Free Space | 52.06% Space Free | Partition Type: FAT
Computer Name: JESSE-ROOM | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online)
PRC - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
PRC - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe (America Online Inc)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (gusvc) -- File not found
SRV - (0259741303160339mcinstcleanup) McAfee Application Installer Cleanup (0259741303160339) -- File not found
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe (Symantec Corporation)
SRV - (GameConsoleService) -- C:\Program Files\WildTangent\Apps\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (America Online)
SRV - (AOL TopSpeedMonitor) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
========== Driver Services (SafeList) ==========
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20110426.037\NAVEX15.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20110426.037\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20110419.001\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20110425.001\IDSXpx86.sys (Symantec Corporation)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (NTIOLib_1_0_4) -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys (MSI)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (MSI_DVD_010507) -- C:\Program Files\MSI\Live Update 5\DVDSYS32_100507.sys (Your Corporation)
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys (Your Corporation)
DRV - (MSI_VGASYS_010507) -- C:\Program Files\MSI\Live Update 5\VGASYS32_100507.sys ()
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1108000.005\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SRTSPX.SYS (Symantec Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\NAV\1108000.005\ccHPx86.sys (Symantec Corporation)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMDS.SYS (Symantec Corporation)
DRV - (ActivHidSerMini) -- C:\WINDOWS\system32\drivers\activhidsermini.sys (Promethean Technologies Ltd)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (elagopro) -- C:\WINDOWS\system32\drivers\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr) -- C:\WINDOWS\system32\drivers\elaunidr.sys (Gteko Ltd.)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (mr7910) -- C:\WINDOWS\system32\drivers\mr7910.sys (Mars Semiconductor Corp.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5048A
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:47392
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5048A
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:47392
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/01/12 20:47:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2011/04/19 17:09:19 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2011/04/27 09:44:12 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] File not found
O4 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006..\Run: [McAfee Update] File not found
O4 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006..\Run: [yaciijla] File not found
O4 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006..\RunOnce: [Shockwave Updater] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3752288439-2540334056-98708768-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 05:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b6b7cf73-5ec8-11db-aef6-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b6b7cf73-5ec8-11db-aef6-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b6b7cf73-5ec8-11db-aef6-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/27 09:44:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/27 09:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\erunt
[2011/04/26 09:42:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/04/26 09:39:39 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2011/04/20 11:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/20 11:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy2
[2011/04/19 17:09:35 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symtdi.sys
[2011/04/19 17:09:35 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symtdiv.sys
[2011/04/19 17:09:35 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symds.sys
[2011/04/19 17:09:35 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symefa.sys
[2011/04/19 17:09:35 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtspx.sys
[2011/04/19 17:09:34 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\cchpx86.sys
[2011/04/19 17:09:34 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtsp.sys
[2011/04/19 17:09:34 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\ironx86.sys
[2011/04/19 17:09:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1108000.005
[2011/04/19 02:35:53 | 000,000,000 | ---D | C] -- C:\NBRT
[2011/04/18 22:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific
[2011/04/18 22:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Symantec
[2011/04/18 17:42:06 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/04/18 17:42:06 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/04/18 17:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/04/18 17:36:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2011/04/18 17:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/04/18 17:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2011/04/18 17:36:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus
[2011/04/18 16:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/04/18 16:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/04/18 16:52:42 | 000,000,000 | ---D | C] -- C:\rsit
[2011/04/05 11:49:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\TravelDriveJ
[2011/04/04 21:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn
[2011/04/04 21:41:37 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/04/04 21:41:37 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2011/04/04 21:41:37 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011/04/04 21:41:27 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/04/04 21:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/04/04 21:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2011/04/04 21:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Deployment
[2011/03/28 21:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Firmware
========== Files - Modified Within 30 Days ==========
[2011/04/27 09:47:22 | 2137,247,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/27 09:44:12 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/27 09:25:42 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\erunt.zip
[2011/04/26 09:35:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/04/26 09:33:32 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2011/04/26 09:14:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/25 09:57:50 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/04/22 07:22:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/20 11:01:55 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/20 11:01:55 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/04/19 22:11:25 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Antivirus.LNK
[2011/04/19 22:10:08 | 000,683,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\Cat.DB
[2011/04/18 17:42:06 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/04/18 17:42:06 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/04/18 17:42:06 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/04/18 17:42:05 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/04/15 08:49:27 | 000,204,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 04:13:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/08 09:38:30 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/04 21:41:24 | 000,001,024 | ---- | M] () -- C:\.rnd
========== Files Created - No Company Name ==========
[2011/04/27 09:39:40 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\erunt.zip
[2011/04/20 21:21:47 | 2137,247,744 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/20 11:01:55 | 000,000,958 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/20 11:01:55 | 000,000,940 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/04/19 22:09:59 | 000,683,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\Cat.DB
[2011/04/19 17:09:35 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symefa.cat
[2011/04/19 17:09:35 | 000,007,787 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symnetv.cat
[2011/04/19 17:09:35 | 000,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symds.cat
[2011/04/19 17:09:35 | 000,007,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symnet.cat
[2011/04/19 17:09:35 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symefa.inf
[2011/04/19 17:09:35 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symds.inf
[2011/04/19 17:09:35 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symnetv.inf
[2011/04/19 17:09:35 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symnet.inf
[2011/04/19 17:09:34 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtspx.cat
[2011/04/19 17:09:34 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtsp.cat
[2011/04/19 17:09:34 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\iron.cat
[2011/04/19 17:09:34 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\cchpx86.cat
[2011/04/19 17:09:34 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\cchpx86.inf
[2011/04/19 17:09:34 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtspx.inf
[2011/04/19 17:09:34 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtsp.inf
[2011/04/19 17:09:34 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\iron.inf
[2011/04/19 17:09:21 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\isolate.ini
[2011/04/18 17:42:06 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/04/18 17:42:06 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/04/18 17:41:44 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Antivirus.LNK
[2011/04/04 21:41:22 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/04/04 21:41:12 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
[2011/03/28 21:25:53 | 005,642,244 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\kernelcache.release.n90
[2011/03/28 21:25:53 | 000,002,078 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Restore.plist
[2011/03/28 21:25:52 | 005,655,364 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\kernelcache.release.k48
[2011/03/28 21:25:52 | 005,561,796 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\kernelcache.release.n81
[2011/03/28 21:25:51 | 015,444,292 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\038-0032-002.dmg
[2011/03/28 21:25:51 | 000,022,707 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\BuildManifest.plist
[2011/03/28 21:25:50 | 015,423,812 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\038-0024-002.dmg
[2011/03/28 21:25:33 | 601,067,520 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\038-0019-002.dmg
[2011/01/11 19:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2010/12/17 11:12:42 | 000,080,416 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/12/16 09:53:33 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
[2010/09/26 14:47:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/09/14 22:27:56 | 000,116,088 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/27 14:10:09 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\winscp.rnd
[2009/11/22 22:49:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/15 22:09:52 | 000,041,272 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/13 21:51:24 | 000,002,438 | ---- | C] () -- C:\WINDOWS\th1234.dat
[2009/01/12 21:21:57 | 000,000,091 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/24 17:10:11 | 000,000,041 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008/08/17 14:23:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/08/17 14:23:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/08/17 14:23:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/08/17 14:23:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\VFind.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/16 11:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/04/10 00:55:49 | 000,204,920 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/05 14:04:21 | 000,001,695 | ---- | C] () -- C:\WINDOWS\System32\clbcfg.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/20 12:06:21 | 000,000,654 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2007/07/20 12:04:30 | 000,001,054 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/07/20 12:04:24 | 000,000,206 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/07/20 09:35:40 | 000,000,483 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2007/06/24 13:14:43 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2007/03/24 17:42:27 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/15 16:56:25 | 000,000,255 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/02/12 15:56:23 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/02/01 11:30:42 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2007/02/01 11:30:36 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2007/02/01 11:30:36 | 000,002,763 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/02/01 11:26:22 | 000,000,263 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/01/28 14:44:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/01/16 11:37:00 | 000,002,165 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/05 17:53:26 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/12/25 07:45:31 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/12/25 07:44:32 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2006/12/25 07:44:31 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2006/12/25 07:42:10 | 000,004,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2006/10/18 13:11:47 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/18 13:10:03 | 000,550,912 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2006/10/18 13:10:03 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006/10/18 13:10:03 | 000,042,040 | ---- | C] () -- C:\WINDOWS\PatchWnd.exe
[2006/10/18 13:10:03 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2006/10/18 13:10:03 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2006/10/18 13:10:03 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2006/10/18 13:09:43 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/10/18 13:09:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/10/18 13:04:23 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe
[2006/06/21 05:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 05:12:42 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2006/06/20 23:53:34 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006/06/17 05:37:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/17 05:24:58 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 05:24:57 | 000,000,472 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 05:23:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/06/17 05:23:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/06/17 05:23:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/06/17 05:23:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/06/17 05:23:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/06/17 05:23:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/06/17 05:23:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/06/17 05:23:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/06/17 05:23:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/06/17 05:23:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/06/16 22:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/03/24 06:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
========== Alternate Data Streams ==========
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040
< End of report >
Part of the problem is that the malware set a proxy.
But part of the fix didn't take. Make sure you disable all antivirus and anti-spyware programs, especially the TeaTimer in Spybot.
Disable the TeaTimer and leave it disabled. Do not turn it back on until we're done, or it will prevent the fixes from taking.
Run Spybot-S&D in Advanced Mode.
If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
On the left hand side, click on Tools.
Then click on the Resident icon in the list.
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer. <-- You need to do this for it to take effect.
Open OTL.exe.
Copy/paste the following text, written inside the code box, into the Custom Scans/Fixes box at the bottom of OTL:
:processes
killallprocesses
:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:47392
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:47392
:Services
:Reg
:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <-- Not Run Scan.
Let the program run unhindered and reboot when it is done.
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).
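The reason the fix above targets the .DEFAULT and S-1-5-18 hives is that a proxy pointing at the machine itself (here http=127.0.0.1:47392) is the classic way this family of rogue antivirus malware hijacks web traffic: every request is routed through a local process that injects the fake "you are infected" pages, and once that process is killed nothing answers on the port, so the browser simply cannot reach the internet. The following is an added example, not part of the original post and not OTL's own code, that reads OTL-style "IE -" lines, flags hives with an enabled loopback proxy (or any proxy enabled in a system hive), and emits the same ":OTL" lines the helper pasted. The log text is constructed: the first five entries mirror the ones quoted in the fix, and the S-1-5-21-1111111111-2222222222-3333333333-1001 hive with proxy.corp.example is invented as a benign, disabled case.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines 1-5 mirror the OTL "IE -" entries quoted in the fix
# above; lines 6-7 are an invented per-user hive with a disabled corporate proxy
# so the audit has a negative case to leave alone.
SAMPLE_LOG = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:47392
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:47392
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.corp.example:8080
"""

KEY = r'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
IE_SETTING = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+)\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\Internet Settings: "(?P<name>\w+)" = (?P<value>.*)$'
)
# Hives no legitimate user proxy should live in: .DEFAULT (the logon desktop)
# and S-1-5-18 (LocalSystem, i.e. services).
SYSTEM_HIVES = {r'HKU\.DEFAULT', r'HKU\S-1-5-18'}


def parse_proxy_settings(log_text):
    """Collect the Internet Settings values OTL reports, keyed by user hive."""
    hives = {}
    for line in log_text.splitlines():
        m = IE_SETTING.match(line.strip())
        if m:
            hives.setdefault(m['hive'], {})[m['name']] = m['value'].strip()
    return hives


def proxy_endpoints(proxy_server):
    """Split 'host:port' or 'http=host:port;https=host:port' into (scheme, host, port)."""
    endpoints = []
    for part in proxy_server.split(';'):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition('=')  # scheme is '' when absent
        if ':' in hostport:
            host, _, port = hostport.rpartition(':')
            port = int(port) if port.isdigit() else None
        else:
            host, port = hostport, None
        endpoints.append((scheme or 'all', host, port))
    return endpoints


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 or ::1, the signature of a local hijacking proxy."""
    host = host.strip('[]').lower()
    if host == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


@dataclass
class Finding:
    hive: str
    proxy_server: str
    enabled: bool
    suspicious: bool
    reason: str
    values: dict


def audit(log_text):
    """Flag hives whose enabled proxy points at the machine itself or sits in a system hive."""
    findings = []
    for hive, values in parse_proxy_settings(log_text).items():
        server = values.get('ProxyServer', '')
        if not server:
            continue
        enabled = values.get('ProxyEnable') == '1'
        loop = [h for _, h, _ in proxy_endpoints(server) if is_loopback(h)]
        if enabled and loop:
            suspicious, reason = True, 'enabled proxy to loopback ' + ', '.join(loop)
        elif enabled and hive in SYSTEM_HIVES:
            suspicious, reason = True, 'proxy enabled in a system hive'
        else:
            suspicious, reason = False, 'disabled or points off-host'
        findings.append(Finding(hive, server, enabled, suspicious, reason, values))
    return findings


def otl_fix_lines(findings):
    """Reproduce the flagged entries in the ':OTL' form the fix above pastes into OTL."""
    lines = [':OTL']
    for f in findings:
        if not f.suspicious:
            continue
        for name in ('ProxyEnable', 'ProxyOverride', 'ProxyServer'):
            if name in f.values:
                lines.append(f'IE - {f.hive}\\{KEY}: "{name}" = {f.values[name]}')
    return lines


if __name__ == '__main__':
    results = audit(SAMPLE_LOG)
    for f in results:
        print('SUSPICIOUS' if f.suspicious else 'ok        ', f.hive, f.proxy_server, '-', f.reason)
    print('\n'.join(otl_fix_lines(results)))
```

Clearing the proxy values only restores connectivity; it does not remove whatever was listening on the port, so the check is worth re-running on the fresh OTL log after the fix, which is why the helper asks for a new scan.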