I'm not sure what's wrong



cosmic1
2011-09-11, 10:41
Hi.
I don't know what is wrong with my computer. It has been running a lot slower than usual, and freezing up on occasion. I have Norton Internet Security, which did not detect anything, but when I called the support number, the person could not connect to my computer to gain control of it. I ran a couple of malware removal programs before I found this forum. Malwarebytes removed a trojan (I do not know which one, and I have since uninstalled it). Microsoft Safety Scanner produced the following list, all of which have been removed:
Trojan:Java/Bytverify
Trojan:Java/Classloader
TrojanDownloader:Java/OpenConnection.F
Exploit:HTML/Mht

The performance improved, but only slightly. After that, I found this forum. I tried to run DDS, but it would scan for a few (around 3) hours then stop working. I then ran Spybot, and the results are as follows:
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2008-01-28 SDDelFile.exe (1.0.2.4)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2008-08-14 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-02-12 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-08-29 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-08-31 Includes\Malware.sbi (*)
2011-09-06 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-05-24 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-06-14 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-06-20 Includes\Trojans.sbi (*)
2011-09-06 Includes\TrojansC-02.sbi (*)
2011-08-09 Includes\TrojansC-03.sbi (*)
2011-09-05 Includes\TrojansC-04.sbi (*)
2011-09-07 Includes\TrojansC-05.sbi (*)
2011-08-23 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

The computer is a laptop running Windows XP, Service Pack 3.

Please let me know if you need further information. Thank you.

jeffce
2011-09-11, 18:22
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.


IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with admin rights (right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! :thumbup:

jeffce
2011-09-11, 18:24
Hi cosmic1,

Please download DDS from either of these links

LINK 1 (http://download.bleepingcomputer.com/sUBs/dds.com)
LINK 2 (http://download.bleepingcomputer.com/sUBs/dds.scr)

and save it to your desktop.

Disable any script blocking protection
Double click dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt
----------

Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://www.majorgeeks.com/download.php?det=5198).

Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

Screenshot of the GMER settings: http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and attach it in your reply.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
----------

Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe ) to your desktop.

Double click the aswMBR icon to run it.
Vista and Windows 7 users right click the icon and choose "Run as administrator".
Click the Scan button to start scan.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

Screenshot of the aswMBR scan: http://i1190.photobucket.com/albums/z454/Blottedisk/aswMBRscan.png
----------

In your next reply please post the logs created by DDS, GMER and aswMBR. :)

cosmic1
2011-09-12, 02:41
Hi, Jeff.
Thanks for helping me with this problem. I just have a quick question before we begin. How do I know if script blocking protection is enabled, and how do I disable it? Thanks.

jeffce
2011-09-12, 04:16
Hi cosmic1,

Good question. :) You can disable your script blocking software by using the following instructions.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)

cosmic1
2011-09-12, 22:52
Hi, Jeff.
I disabled Norton Internet Security, and DDS still didn't work. I even turned everything in Norton off, and still no luck. It looks like it gets slightly more than half finished, and then the program freezes. About a minute later, the computer freezes. Do you want me to continue with the rest of the instructions without the DDS? Thanks for the help.

jeffce
2011-09-13, 04:41
Hi cosmic1,

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be found in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.


----------


"Do you want me to continue with the rest of the instructions?" Yes, please do so, but only if you get OTL above to run. Once you get those tools run, please post the logs in your next reply. :)
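Once OTL logs come back, a helper's first pass over OTL.txt is mechanical: orphaned "File not found" service entries, drivers and modules with an empty company name "()", the O16 DPF Java installers (outdated JRE versions left behind are the usual reason Java exploit detections like the ones earlier in this thread turn up), and O33 removable-media autorun handlers. The script below is an added example, not part of this thread or of OTL itself; it assumes the line layouts seen in the OTL.txt cosmic1 posts below, and its sample lines are taken from that log.

```python
"""Triage pass over an OTL.txt log (added example; not part of this thread and not OTL's own code).

Flags the entry types a malware helper looks at first:
  * SRV/DRV entries whose image is "File not found"  -> orphaned service/driver registrations
  * DRV/MOD entries with an empty company name "()" -> unsigned or unknown binaries to verify
  * O16 DPF Java Plug-in installers                 -> every leftover JRE version is exploitable attack surface
  * O33 MountPoints2 autorun commands               -> removable-media autorun handlers
Line layouts are assumed from the OTL.txt posted in this thread.
"""
import re

# Lines in the shape of OTL output, taken from the OTL.txt posted in this thread.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)

========== Driver Services (SafeList) ==========

DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (usb2vcom) -- C:\WINNT\system32\drivers\usb2vcom.sys ()
DRV - (NPF) -- C:\WINNT\system32\drivers\packet.sys ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll ()

========== Standard Registry (SafeList) ==========

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O33 - MountPoints2\{93e28000-3284-11d8-b97c-00e0b8506b80}\Shell\AutoRun\command - "" = E:\setupSNK.exe
"""

IMAGE_ENTRY_RE = re.compile(r"^(?P<kind>SRV|DRV|MOD) - (?P<body>.*)$")
PATH_COMPANY_RE = re.compile(r"^(?P<path>.*) \((?P<company>[^()]*)\)$")
DPF_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[^}]+)\} (?P<url>\S+) \((?P<desc>[^)]*)\)$")
MOUNTPOINT_RE = re.compile(r'^O33 - MountPoints2\\\{(?P<guid>[^}]+)\}\\(?P<key>\S+) - "" = (?P<cmd>.+)$')


def parse_image_entry(line):
    """Parse a SRV/DRV/MOD line into kind, name, image path and company (path is None if missing)."""
    m = IMAGE_ENTRY_RE.match(line)
    if not m:
        return None
    kind, body, name = m.group("kind"), m.group("body"), None
    if kind != "MOD":
        # "(SRTSPX) description (PEL) -- C:\path\file.sys (Company)": name is the first parenthesised token
        head, _, body = body.partition(" -- ")
        name = head[1:head.index(")")]
    if body == "File not found":
        return {"kind": kind, "name": name, "path": None, "company": None}
    pm = PATH_COMPANY_RE.match(body)
    if not pm:
        return None
    path = pm.group("path")
    return {"kind": kind, "name": name or path.rsplit("\\", 1)[-1],
            "path": path, "company": pm.group("company").strip()}


def triage(text):
    """Return the flagged entries from an OTL.txt, grouped by finding type, in log order."""
    findings = {"orphaned": [], "no_company": [], "java_plugins": [], "autorun": []}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("SRV - ", "DRV - ", "MOD - ")):
            e = parse_image_entry(line)
            if e is None:
                continue
            if e["path"] is None:
                findings["orphaned"].append(e["name"])
            elif e["company"] == "":
                findings["no_company"].append(e["path"])
        elif line.startswith("O16 - DPF:"):
            m = DPF_RE.match(line)
            if m and m.group("desc").startswith("Java Plug-in"):
                findings["java_plugins"].append(m.group("desc").split()[-1])
        elif line.startswith("O33 - MountPoints2"):
            m = MOUNTPOINT_RE.match(line)
            if m:
                findings["autorun"].append((m.group("guid"), m.group("cmd")))
    return findings


def report(findings):
    """Render findings as the short notes a helper would paste back into the thread."""
    notes = []
    for name in findings["orphaned"]:
        notes.append(f"orphaned service/driver entry: {name} (image file missing)")
    for path in findings["no_company"]:
        notes.append(f"no company name, verify signature/hash: {path}")
    versions = sorted(set(findings["java_plugins"]))
    if len(versions) > 1:
        notes.append("multiple JRE versions registered, older ones stay exploitable: " + ", ".join(versions))
    for guid, cmd in findings["autorun"]:
        notes.append(f"removable-media autorun handler {guid}: {cmd}")
    return notes


if __name__ == "__main__":
    for note in report(triage(SAMPLE_LOG)):
        print(note)
```

Point `triage()` at the full text of a saved OTL.txt to get the same grouping for a real log; a driver with a company name is not proof of anything, so the notes are a reading order, not a verdict.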

cosmic1
2011-09-13, 21:08
Hi, Jeff. Here are the OTL logs. I could not fit both together, so this post has OTL.txt, and the next will have Extras.txt.

OTL.txt

OTL logfile created on: 9/13/2011 2:20:25 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.98 Mb Total Physical Memory | 97.20 Mb Available Physical Memory | 38.12% Memory free
1.21 Gb Paging File | 0.98 Gb Available in Paging File | 80.80% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 4.40 Gb Free Space | 15.73% Space Free | Partition Type: NTFS

Computer Name: MINIME | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINNT\explorer.exe (Microsoft Corporation)
PRC - C:\WINNT\GWHotKey.exe (BillP Studios)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (GameConsoleService) -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ACS) -- C:\WINNT\system32\acs.exe ()


========== Driver Services (SafeList) ==========

DRV - (SymEvent) -- C:\WINNT\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20110910.002\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20110910.002\NAVENG.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20110909.030\IDSXpx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20110901.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SYMTDI.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINNT\system32\drivers\NIS\1206000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (Revoflt) -- C:\WINNT\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (LUsbFilt) -- C:\WINNT\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINNT\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINNT\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (Cdralw2k) -- C:\WINNT\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINNT\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINNT\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (usb2vcom) -- C:\WINNT\system32\drivers\usb2vcom.sys ()
DRV - (Afc) -- C:\WINNT\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (CoachAud) -- C:\WINNT\system32\drivers\CoachAud.sys (FotoNation Inc.)
DRV - (AR5211) -- C:\WINNT\system32\drivers\ar5211.sys (D-Link )
DRV - (PRISM_A02) -- C:\WINNT\system32\drivers\WUSB20XP.sys (GlobespanVirata, Inc.)
DRV - (NPF) -- C:\WINNT\system32\drivers\packet.sys ()
DRV - (ati2mtag) -- C:\WINNT\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (dvd_2K) -- C:\WINNT\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (mmc_2K) -- C:\WINNT\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (pwd_2k) -- C:\WINNT\System32\drivers\pwd_2K.sys (Roxio)
DRV - (UdfReadr_xp) -- C:\WINNT\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINNT\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (wlluc48) -- C:\WINNT\system32\drivers\wlluc48.sys (Lucent Technologies)
DRV - (allegro) ESS Allegro Audio Driver (WDM) -- C:\WINNT\system32\drivers\es198x.sys (ESS Technology, Inc.)
DRV - (GTWModem) -- C:\WINNT\system32\drivers\GWMDM.sys (GTW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: CLSID key missing. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Merriam-Webster Dictionary"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: define@sogame.cat:1.4.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.20100123


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer6: File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer6: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2011/09/07 14:07:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_1_3 [2011/09/13 14:06:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/06 16:22:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/08 17:57:26 | 000,000,000 | ---D | M]

[2008/09/01 23:16:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/09/06 12:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions
[2010/04/27 22:29:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/09/16 07:45:46 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2010/03/11 03:58:33 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2010/03/11 03:15:54 | 000,000,000 | ---D | M] (MidnightFox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
[2011/08/28 01:51:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/08/28 01:51:51 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/03/11 06:04:46 | 000,000,000 | ---D | M] (Define) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\define@sogame.cat
[2010/03/11 03:16:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions
[2010/03/11 03:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions\CVS
[2008/06/18 17:04:04 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\searchplugins\webster.xml
[2011/09/06 12:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/13 14:06:16 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\COFFPLGN_2011_7_1_3
[2011/09/07 14:07:25 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPLGN
[2011/09/06 16:22:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/05/11 17:41:00 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\mozilla firefox\plugins\npImgCtl.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2004/01/13 22:09:25 | 000,176,176 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2008/02/07 18:41:04 | 000,002,151 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/08/30 15:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2007/07/15 09:19:00 | 000,000,173 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conduit.gif
[2007/07/31 22:27:00 | 000,000,271 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conduit.src

O1 HOSTS File: ([2011/09/11 01:53:54 | 000,437,601 | R--- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15052 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spy bot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O3: - HKCU\..\Toolbar\ShellBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINNT\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Multi-function Keyboard] C:\WINNT\GWHotKey.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spy bot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2perform.com/cabs/QOLCheck.ocx (QOLCheck Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.shockwave.com/content/luxor/sis/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} http://imlive.com/ChatSource/gVideoContol.cab (Eyeball Video Session Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E51D276-3EEE-40F8-A7C8-AB4E49213D66}: NameServer = 4.2.2.2,4.2.2.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) -C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{93e28000-3284-11d8-b97c-00e0b8506b80}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/13 14:17:02 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/11 20:52:44 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/09/08 19:01:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/09/08 03:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/09/08 03:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/08 03:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\VS Revo Group
[2011/09/08 03:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/09/08 03:06:24 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINNT\System32\drivers\revoflt.sys
[2011/09/08 03:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/09/08 02:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/09/08 00:06:33 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2011/09/08 00:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/09/08 00:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/09/07 23:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific
[2011/09/07 23:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Google Chrome
[2011/09/06 13:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NPE
[2011/09/05 19:13:29 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\SYMEVENT.SYS
[2011/09/05 19:13:29 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\S32EVNT1.DLL
[2011/09/05 19:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/09/05 19:11:49 | 000,331,384 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\symtdiv.sys
[2011/09/05 19:11:48 | 000,369,784 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\symtdi.sys
[2011/09/05 19:11:48 | 000,296,568 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\symnets.sys
[2011/09/05 19:11:47 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymEFA.sys
[2011/09/05 19:11:47 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtsp.sys
[2011/09/05 19:11:47 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymDS.sys
[2011/09/05 19:11:47 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\Ironx86.sys
[2011/09/05 19:11:47 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtspx.sys
[2011/09/05 19:10:27 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\NIS
[2011/09/05 19:10:27 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\NIS\1206000.01D
[2011/09/05 19:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/09/05 19:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/09/05 19:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/09/05 18:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/09/05 18:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Norton
[2011/09/02 21:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\WildTangent Games
[2011/09/02 08:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Oberon Games
[2011/09/02 03:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Saved Games
[2011/08/28 01:48:49 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINNT\System32\FlashPlayerCPLApp.cpl
[2007/08/27 09:43:31 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2003/12/03 08:34:06 | 000,491,520 | ---- | C] (www.simwardrobe.com) -- C:\Program Files\SimCategorizer.exe
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[10 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/13 14:16:43 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/13 14:10:09 | 000,000,429 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts.ics
[2011/09/13 14:06:06 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2011/09/13 14:06:00 | 267,436,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/12 17:00:02 | 000,000,262 | -H-- | M] () -- C:\WINNT\tasks\97CD996DA2920A3D.job
[2011/09/12 16:47:03 | 000,000,978 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-506075566-2965718124-3205215984-1003UA.job
[2011/09/11 20:53:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/09/11 01:53:54 | 000,437,601 | R--- | M] () -- C:\WINNT\System32\drivers\etc\Hosts
[2011/09/11 01:12:23 | 000,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2011/09/08 17:27:28 | 000,000,825 | ---- | M] () -- C:\WINNT\QUICKEN.INI
[2011/09/08 15:47:24 | 000,000,926 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-506075566-2965718124-3205215984-1003Core.job
[2011/09/08 03:06:40 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/09/08 00:04:50 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2011/09/07 17:03:12 | 000,000,207 | -HS- | M] () -- C:\boot.ini
[2011/09/07 15:49:41 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/07 15:49:40 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/09/06 12:51:57 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/06 12:51:54 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/05 20:00:02 | 000,000,538 | ---- | M] () -- C:\WINNT\tasks\Norton Internet Security - Run Full System Scan - Owner.job
[2011/09/05 19:14:14 | 000,675,922 | ---- | M] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/09/05 19:13:28 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\SYMEVENT.SYS
[2011/09/05 19:13:28 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\S32EVNT1.DLL
[2011/09/05 19:13:28 | 000,007,468 | ---- | M] () -- C:\WINNT\System32\drivers\SYMEVENT.CAT
[2011/09/05 19:13:28 | 000,000,806 | ---- | M] () -- C:\WINNT\System32\drivers\SYMEVENT.INF
[2011/09/05 16:28:06 | 000,437,465 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20110911-015350.backup
[2011/09/05 16:11:36 | 000,371,883 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20110905-162806.backup
[2011/09/05 12:34:15 | 000,001,355 | ---- | M] () -- C:\WINNT\imsins.BAK
[2011/09/05 09:06:38 | 000,001,977 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk
[2011/09/02 21:20:55 | 000,002,003 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2011/08/28 01:48:49 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINNT\System32\FlashPlayerCPLApp.cpl
[2011/08/24 01:15:37 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PocoMan.lnk
[2011/08/17 01:53:53 | 000,449,476 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2011/08/17 01:53:52 | 000,075,506 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[10 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/08 03:06:39 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/09/08 00:04:50 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2011/09/07 18:00:54 | 267,436,032 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/07 15:49:40 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/07 15:49:39 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/09/07 15:42:14 | 000,000,978 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-506075566-2965718124-3205215984-1003UA.job
[2011/09/07 15:42:10 | 000,000,926 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-506075566-2965718124-3205215984-1003Core.job
[2011/09/06 12:51:50 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/06 12:51:48 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/05 19:13:38 | 000,675,922 | ---- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/09/05 19:13:29 | 000,007,468 | ---- | C] () -- C:\WINNT\System32\drivers\SYMEVENT.CAT
[2011/09/05 19:13:29 | 000,000,806 | ---- | C] () -- C:\WINNT\System32\drivers\SYMEVENT.INF
[2011/09/05 19:11:49 | 000,000,000 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymDS.cat
[2011/09/05 19:10:43 | 000,003,373 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymEFA.inf
[2011/09/05 19:10:43 | 000,002,792 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymDS.inf
[2011/09/05 19:10:43 | 000,001,474 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymNetV.inf
[2011/09/05 19:10:43 | 000,001,446 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymNet.inf
[2011/09/05 19:10:43 | 000,001,389 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtspx.inf
[2011/09/05 19:10:43 | 000,001,383 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtsp.inf
[2011/09/05 19:10:43 | 000,000,742 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\Iron.inf
[2011/09/05 19:10:30 | 000,007,877 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\symnetv.cat
[2011/09/05 19:10:30 | 000,007,458 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymNet.cat
[2011/09/05 19:10:29 | 000,007,528 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\iron.cat
[2011/09/05 19:10:29 | 000,007,456 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymEFA.cat
[2011/09/05 19:10:29 | 000,007,454 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtspx.cat
[2011/09/05 19:10:29 | 000,007,450 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtsp.cat
[2011/09/05 19:10:28 | 000,000,172 | ---- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\isolate.ini
[2011/09/02 21:20:53 | 000,001,977 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk
[2011/08/24 01:15:37 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PocoMan.lnk
[2009/03/18 22:06:38 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2008/12/25 19:39:44 | 000,000,664 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2008/09/04 19:09:30 | 000,000,094 | ---- | C] () -- C:\WINNT\awshkwv.ini
[2008/04/03 16:46:46 | 000,000,552 | ---- | C] () -- C:\WINNT\System32\d3d8caps.dat
[2008/02/07 18:49:23 | 000,691,545 | ---- | C] () -- C:\WINNT\unins000.exe
[2008/02/07 18:49:22 | 000,003,440 | ---- | C] () -- C:\WINNT\unins000.dat
[2008/01/23 10:48:58 | 000,029,152 | R--- | C] () -- C:\WINNT\System32\drivers\usb2vcom.sys
[2007/09/05 12:02:14 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
[2007/08/15 06:57:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/05/06 20:50:11 | 000,004,096 | ---- | C] () -- C:\WINNT\d3dx.dat
[2006/07/12 23:47:06 | 000,001,793 | ---- | C] () -- C:\WINNT\System32\fxsperf.ini
[2006/07/12 22:00:23 | 000,000,000 | ---- | C] () -- C:\WINNT\System32\ksl48.bin
[2006/07/12 21:58:46 | 000,000,006 | ---- | C] () -- C:\WINNT\System32\tick48.bin
[2006/05/26 02:55:02 | 000,003,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/28 13:49:18 | 000,000,408 | ---- | C] () -- C:\WINNT\lexstat.ini
[2006/04/27 11:56:15 | 000,000,018 | ---- | C] () -- C:\WINNT\gwhotkey.ini
[2006/04/19 23:16:34 | 000,110,592 | R--- | C] () -- C:\WINNT\System32\AegisI5.exe
[2006/04/19 23:16:34 | 000,002,655 | R--- | C] () -- C:\WINNT\System32\arccsel.dat
[2006/04/19 23:16:33 | 000,114,688 | ---- | C] () -- C:\WINNT\System32\AegisI2.exe
[2006/04/19 23:16:32 | 000,036,864 | ---- | C] () -- C:\WINNT\System32\acs.exe
[2006/04/08 15:36:50 | 000,000,048 | ---- | C] () -- C:\WINNT\FileNamesinQueue.ini
[2005/03/02 15:24:31 | 000,000,624 | ---- | C] () -- C:\WINNT\tlknw20.ini
[2005/01/12 20:56:58 | 000,100,475 | ---- | C] () -- C:\WINNT\UninstallFirefox.exe
[2005/01/08 00:21:36 | 000,000,002 | ---- | C] () -- C:\WINNT\msoffice.ini
[2005/01/08 00:17:09 | 000,000,341 | ---- | C] () -- C:\WINNT\wininit.ini
[2004/12/26 21:48:26 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2004/12/22 02:07:25 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat
[2004/09/09 15:10:57 | 000,000,978 | ---- | C] () -- C:\WINNT\cdPlayer.ini
[2004/05/11 02:40:20 | 000,000,026 | ---- | C] () -- C:\WINNT\mscpt.dat
[2004/05/08 15:41:09 | 000,247,808 | ---- | C] () -- C:\WINNT\WINSTRUN.EXE
[2004/05/08 15:41:09 | 000,008,364 | ---- | C] () -- C:\WINNT\INSTALL.DAT
[2004/05/05 20:47:32 | 000,000,000 | ---- | C] () -- C:\WINNT\Zillions.INI
[2004/05/05 15:58:32 | 000,000,000 | ---- | C] () -- C:\WINNT\PROTOCOL.INI
[2004/04/30 02:45:14 | 000,000,130 | ---- | C] () -- C:\WINNT\cosmiord.ini
[2004/02/18 21:14:12 | 000,000,000 | ---- | C] () -- C:\WINNT\QuickInstall.INI
[2004/02/18 21:06:16 | 000,000,000 | ---- | C] () -- C:\WINNT\QUICKI~1.INI
[2004/01/20 22:28:56 | 000,109,181 | ---- | C] () -- C:\Program Files\tempfile.iff
[2004/01/07 17:06:09 | 000,143,872 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/12/13 11:33:58 | 000,000,000 | ---- | C] () -- C:\WINNT\Transmogrifier-1.4.INI
[2003/12/03 22:38:44 | 000,001,260 | ---- | C] () -- C:\WINNT\eReg.dat
[2003/12/03 16:34:52 | 000,011,720 | ---- | C] () -- C:\WINNT\mozver.dat
[2003/11/27 21:06:16 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2003/11/27 20:53:30 | 000,000,035 | ---- | C] () -- C:\WINNT\wwwbatch.ini
[2003/11/27 20:44:46 | 000,000,825 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2003/11/27 20:44:29 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\JAWTAccessBridge.dll
[2003/11/27 20:42:14 | 000,000,335 | ---- | C] () -- C:\WINNT\nsreg.dat
[2003/11/27 20:41:26 | 000,086,016 | ---- | C] () -- C:\WINNT\System32\PcdrKernelModeServices.dll
[2003/11/27 20:41:26 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\ProgressTrace.dll
[2003/11/27 20:40:32 | 000,000,569 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2003/10/06 17:34:26 | 000,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2003/10/06 16:39:44 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat
[2003/10/06 16:33:14 | 000,021,640 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2003/10/06 16:26:48 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2003/10/06 16:25:44 | 000,237,552 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2003/08/13 12:08:15 | 000,135,168 | ---- | C] () -- C:\WINNT\System32\wpcap.dll
[2003/08/13 12:08:12 | 000,036,864 | ---- | C] () -- C:\WINNT\System32\packet.dll
[2003/08/13 12:08:10 | 000,013,203 | ---- | C] () -- C:\WINNT\System32\drivers\packet.sys
[2003/04/28 23:28:52 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\ati2evxx.dll
[1980/01/01 02:00:00 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin
[1980/01/01 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[1980/01/01 02:00:00 | 000,449,476 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[1980/01/01 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[1980/01/01 02:00:00 | 000,254,037 | ---- | C] () -- C:\WINNT\System32\ati2evxx.exe
[1980/01/01 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[1980/01/01 02:00:00 | 000,081,920 | ---- | C] () -- C:\WINNT\System32\SynTPCoI.dll
[1980/01/01 02:00:00 | 000,075,506 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[1980/01/01 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[1980/01/01 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[1980/01/01 02:00:00 | 000,005,114 | ---- | C] () -- C:\WINNT\System32\oembios.dat
[1980/01/01 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\dcache.bin
[1980/01/01 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat

========== LOP Check ==========

[2008/11/01 15:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlockBreaker
[2011/08/17 02:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2006/04/28 13:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/04/06 01:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/03/05 09:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008/10/29 02:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/02/10 05:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2008/01/23 11:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/09/09 02:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/12/11 23:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2009/07/08 19:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/01/25 22:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2008/01/23 12:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007/05/02 12:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SECT ONLINE INTRA MEMO
[2007/03/26 03:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Souptoys
[2009/12/29 19:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/11 04:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2005/03/17 20:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/09/05 08:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/09/08 17:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/07/03 23:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/12/26 05:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2008/01/23 10:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DataLayer
[2009/04/13 23:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EuroTalk
[2008/12/11 16:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gamelab
[2009/04/20 21:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2008/07/08 16:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2006/03/29 00:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2007/04/09 13:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LaCie
[2004/02/18 21:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/12/11 23:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
[2007/08/16 04:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MP3Toys
[2009/12/29 18:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Musicmatch
[2006/09/02 00:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Neo-Modus.com
[2008/01/23 12:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia
[2006/03/18 17:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nova Development
[2008/01/23 12:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2007/07/07 20:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\plussoap
[2007/12/12 02:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecondLife
[2007/03/26 03:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Souptoys
[2004/07/24 18:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2011/09/07 23:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific
[2008/12/11 04:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Valusoft
[2008/11/25 16:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WildTangent
[2008/12/07 03:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WildTangentv1005
[2011/09/12 17:00:02 | 000,000,262 | -H-- | M] () -- C:\WINNT\Tasks\97CD996DA2920A3D.job
[2008/05/14 04:02:32 | 000,000,106 | ---- | M] () -- C:\WINNT\Tasks\Low Battery Alarm Program.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1DC9784
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF

< End of report >

cosmic1
2011-09-13, 21:30
Extras.txt

OTL Extras logfile created on: 9/13/2011 2:20:25 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.98 Mb Total Physical Memory | 97.20 Mb Available Physical Memory | 38.12% Memory free
1.21 Gb Paging File | 0.98 Gb Available in Paging File | 80.80% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 4.40 Gb Free Space | 15.73% Space Free | Partition Type: NTFS

Computer Name: MINIME | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"41400:TCP" = 41400:TCP:*:Enabled:vuze

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{102B83E4-6345-428C-995E-84D9DA26AE34}" = Palm VersaMail(tm)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{6DD9963C-271A-4A14-82B0-4DC148C52E58}" = LaCie Backup Software v1.5.2215
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7148F0A8-6813-11D6-A77B-00B0D0142020}" = Java 2 Runtime Environment, SE v1.4.2_02
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738004B8-C43C-47B7-A08D-CD727E4595FF}" = Fashion Cents Deluxe Audio Expansion Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{93F599DF-519B-4706-A3F1-9530DF2590B4}" = ArcSoft PhotoImpression 5
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = DVD
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3EAB67E-9B37-4B74-AFE6-D418D5F6F3D4}" = Hoyle Puzzle Games 2005
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AFF5BD64-6AD5-435F-8171-1DCE8B1D23CF}" = D-Link AirPlus G Wireless Adapter
"{B054DC20-7EC8-41DD-B213-BF71DBC39458}" = Fashion Cents Deluxe 1.01
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}" = PC Connectivity Solution
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6D4828F-A5B2-11D4-8F73-0050DA0F6297}" = The Sims File Cop
"{EC3254F8-301E-43CB-9EC3-BDC28A882A5D}" = Medic Patch 6.0.0.8
"{F10082FE-BACB-4E58-A423-DAD6BFC8B3A2}" = Gateway Ink Monitor
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{FB1CCBED-FA66-4D30-BFD7-EF20AD0A81FE}" = Hoyle Board Games 2005
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner (remove only)
"CDisplay_is1" = CDisplay 1.8
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.0 (beta)
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"ERUNT_is1" = ERUNT 1.1j
"Gateway Drivers and Applications Recovery" = Gateway Drivers and Applications Recovery
"GTW V.92 Voicemodem" = GTW V.92 Voicemodem
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"jZip" = jZip
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Multi-function Keyboard Utility" = Gateway Multi-function Keyboard
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenAL" = OpenAL
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"Scriptorium_for_TS2_is1" = Scriptorium for TS2
"Shockmachine" = Shockmachine
"Shockwave" = Shockwave
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer
"Souptoys" = Souptoys
"SynTPDeinstKey" = Synaptics TouchPad
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WTA-072a7886-150b-47bc-98e7-b8406016f1c0" = Dream Day True Love
"WTA-4fff897e-647f-4cde-b4b8-b1913e124154" = Dream Day First Home
"WTA-880cb2f6-3d73-4a21-a73e-8f09d89022fb" = Dream Day Wedding - Viva Las Vegas!
"WTA-ab120a1f-5a94-4a44-a441-74993b72f983" = Dream Day Wedding - Bella Italia
"WTA-ef5bf329-e130-4ae0-800c-c6f065620ae0" = Dream Day Honeymoon
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"InstallShield_{102B83E4-6345-428C-995E-84D9DA26AE34}" = Palm VersaMail(tm)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/1/2009 3:53:42 AM | Computer Name = ME2 | Source = Application Error | ID = 1000
Description = Faulting application converter.exe, version 3.6.0.1, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 8/1/2009 4:23:04 AM | Computer Name = ME2 | Source = Application Error | ID = 1000
Description = Faulting application converter.exe, version 3.6.0.1, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 8/21/2009 5:47:44 PM | Computer Name = ME2 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
. Error code = 0x80010108

Error - 12/5/2009 5:36:41 AM | Computer Name = ME2 | Source = Google Update | ID = 20
Description =

Error - 12/5/2009 6:35:30 AM | Computer Name = ME2 | Source = Google Update | ID = 20
Description =

Error - 12/5/2009 7:35:56 AM | Computer Name = ME2 | Source = Google Update | ID = 20
Description =

Error - 12/5/2009 8:35:39 AM | Computer Name = ME2 | Source = Google Update | ID = 20
Description =

Error - 3/19/2010 8:20:39 AM | Computer Name = ME2 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/2/2011 7:38:03 PM | Computer Name = MINIME | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/2/2011 7:38:03 PM | Computer Name = MINIME | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

[ System Events ]
Error - 8/17/2011 2:11:31 AM | Computer Name = MINIME | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 8/17/2011 2:12:43 AM | Computer Name = MINIME | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 8/17/2011 2:12:46 AM | Computer Name = MINIME | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 9/7/2011 5:43:55 PM | Computer Name = MINIME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 9/7/2011 5:54:29 PM | Computer Name = MINIME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 9/7/2011 6:29:36 PM | Computer Name = MINIME | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 9/7/2011 11:18:42 PM | Computer Name = MINIME | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 9/7/2011 11:19:27 PM | Computer Name = MINIME | Source = E100B | ID = 262148
Description = Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

Error - 9/8/2011 5:51:10 AM | Computer Name = MINIME | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 9/11/2011 8:50:31 PM | Computer Name = MINIME | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.


< End of report >

I will now run GMER and aswMBR and put those logs in the next post. Thanks.

cosmic1
2011-09-13, 22:25
I ran Gmer and aswMBR. aswMBR asked if I wanted to install Avast as part of the scan. I said no. If you want me to install it and scan again, let me know. I should have asked first. Anyway, here are their logs.

Gmer.txt


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-13 16:09:03
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awtdypod.sys


---- System - GMER 1.0.15 ----

SSDT FF96F708 ZwAlertResumeThread
SSDT FF96F7E8 ZwAlertThread
SSDT FF8E57B8 ZwAllocateVirtualMemory
SSDT FF9DA958 ZwAssignProcessToJobObject
SSDT FFA7D540 ZwConnectPort
SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF0252710]
SSDT FF9DA6D8 ZwCreateMutant
SSDT FF931EB0 ZwCreateSymbolicLinkObject
SSDT FF9F3450 ZwCreateThread
SSDT FF9DAA38 ZwDebugActiveProcess
SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF0252990]
SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF0252EF0]
SSDT FF8E5988 ZwDuplicateObject
SSDT FF89ABF0 ZwFreeVirtualMemory
SSDT FF96F548 ZwImpersonateAnonymousToken
SSDT FF96F628 ZwImpersonateThread
SSDT FFACF440 ZwLoadDriver
SSDT FF9E1788 ZwMapViewOfSection
SSDT FF9DA5F8 ZwOpenEvent
SSDT FF958740 ZwOpenProcess
SSDT FF8E58A8 ZwOpenProcessToken
SSDT FF9DA438 ZwOpenSection
SSDT FF958650 ZwOpenThread
SSDT FF931F80 ZwProtectVirtualMemory
SSDT FF96FA30 ZwResumeThread
SSDT FF96FCD0 ZwSetContextThread
SSDT FF89A978 ZwSetInformationProcess
SSDT FF9DAB18 ZwSetSystemInformation
SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF0253140]
SSDT FF9DA518 ZwSuspendProcess
SSDT FF96FB10 ZwSuspendThread
SSDT FF958940 ZwTerminateProcess
SSDT FF96FBF0 ZwTerminateThread
SSDT FF89AA68 ZwUnmapViewOfSection
SSDT FF89ACC0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


aswMBR


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-13 16:10:44
-----------------------------
16:10:44.554 OS Version: Windows 5.1.2600 Service Pack 3
16:10:44.554 Number of processors: 1 586 0x207
16:10:44.554 ComputerName: MINIME UserName: Owner
16:10:46.046 Initialize success
16:11:37.050 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:11:37.050 Disk 0 Vendor: IC25N030ATCS04-0 CA3OA71A Size: 28615MB BusType: 3
16:11:37.080 Disk 0 MBR read successfully
16:11:37.090 Disk 0 MBR scan
16:11:37.100 Disk 0 Windows XP default MBR code
16:11:37.130 Disk 0 scanning sectors +58605120
16:11:37.400 Disk 0 scanning C:\WINNT\system32\drivers
16:12:10.858 Service scanning
16:12:15.024 Modules scanning
16:13:00.360 Disk 0 trace - called modules:
16:13:00.410 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
16:13:00.440 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81eb99c0]
16:13:00.460 3 CLASSPNP.SYS[f92d0fd7] -> nt!IofCallDriver -> \Device\00000087[0x81ebbd80]
16:13:00.480 5 ACPI.sys[f9217620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81f548e8]
16:13:00.840 Scan finished successfully
16:13:59.995 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
16:14:00.045 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

I will wait for further instructions. Thank you. :)
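
The GMER SSDT section above lists each hooked native API either as a bare kernel address or as a driver path with its file description and hook address. The following parser is an added example, not part of this thread or of GMER itself; it reads those two line layouts (assumed from the log as posted), groups the hooks by the driver GMER attributed them to, and sets aside entries GMER could not tie to a file, which are the ones a helper would compare against the installed security software before drawing conclusions. The sample log text is constructed from lines in the post.

```python
"""Parse the SSDT section of a GMER 1.0.15 log and group hooks by owning module.

Added example, not part of the forum thread or of GMER. The two line layouts
below are assumed from the GMER log posted above; SAMPLE_GMER_LOG is constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# A hook GMER could resolve to a loaded driver is printed as
#   SSDT <driver path> (<description/company>) <ZwFunction> [0x<address>]
# and one it could not resolve as
#   SSDT <address> <ZwFunction>
ATTRIBUTED = re.compile(
    r"^SSDT (?P<module>.+?) \((?P<desc>.*?)\) (?P<func>Zw\w+) \[0x(?P<addr>[0-9A-Fa-f]+)\]$"
)
UNRESOLVED = re.compile(r"^SSDT (?P<addr>[0-9A-Fa-f]{8}) (?P<func>Zw\w+)$")

UNRESOLVED_KEY = "<unresolved>"


@dataclass
class SsdtHook:
    function: str                      # hooked native API, e.g. ZwCreateKey
    address: int                       # address the SSDT entry now points at
    module: Optional[str]              # driver path GMER attributed it to, or None
    description: Optional[str] = None  # "<file description>/<company>" string


def parse_ssdt(log_text: str) -> Tuple[List[SsdtHook], List[str]]:
    """Return (hooks, unparsed_lines) for every 'SSDT ' line in the log."""
    hooks: List[SsdtHook] = []
    unparsed: List[str] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line.startswith("SSDT "):
            continue  # only the SSDT section is of interest here
        m = ATTRIBUTED.match(line)
        if m:
            hooks.append(SsdtHook(m["func"], int(m["addr"], 16), m["module"], m["desc"]))
            continue
        m = UNRESOLVED.match(line)
        if m:
            hooks.append(SsdtHook(m["func"], int(m["addr"], 16), None))
            continue
        unparsed.append(line)  # keep anything odd visible rather than dropping it
    return hooks, unparsed


def summarize(hooks: List[SsdtHook]) -> Dict[str, List[str]]:
    """Group hooked function names by the driver that owns the hook.

    Entries GMER could not attribute to a file land under UNRESOLVED_KEY;
    those are the ones to read against the security software installed on
    the machine before deciding whether anything is out of place.
    """
    groups: Dict[str, List[str]] = {}
    for h in hooks:
        groups.setdefault(h.module or UNRESOLVED_KEY, []).append(h.function)
    for funcs in groups.values():
        funcs.sort()
    return groups


# Constructed sample in the layout of the GMER log posted in this thread.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT FF96F708 ZwAlertResumeThread
SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF0252710]
SSDT FF9F3450 ZwCreateThread
SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF0253140]
SSDT FF89ACC0 ZwWriteVirtualMemory
SSDT garbage line that does not match either layout

---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    found, bad = parse_ssdt(SAMPLE_GMER_LOG)
    for owner, funcs in summarize(found).items():
        print(f"{owner}: {', '.join(funcs)}")
    if bad:
        print("unparsed:", bad)
```

Run against a full GMER log, the unresolved group is normally where a reviewer spends time; a known kernel-mode security product accounts for its own attributed hooks, and the parser keeps any line it cannot read instead of silently skipping it.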

jeffce
2011-09-13, 22:35
Hi cosmic1,

Thanks for the logs. :) The aswMBR log is just fine how you ran it. I will look over the logs that you have provided and get back as quickly as I can. :bigthumb:

cosmic1
2011-09-14, 00:39
OK, great. Take your time; I know it's a lot of stuff to go through. I'm surprised that anyone can understand it. It's all just clicks and whistles to me! :laugh:
Thanks again.

jeffce
2011-09-14, 04:52
Hi cosmic1,

I notice that you have some AVG remnants installed on your system still. We need to uninstall that, and the best way to make sure that all of it is removed is by downloading the AVG Remover Tool found here (http://www.avg.com/us-en/download-tools). Download either the 32-bit or 64-bit version, whichever is applicable to your system, onto your desktop. Once the tool is downloaded, double-click (for XP) or right-click and Run as Administrator (Vista) the icon for this tool and follow the prompts to completely remove AVG.
----------

Download CKScanner by askey127 from Here (http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop.
Double-click CKScanner.exe then click Search For Files
When the cursor hourglass disappears, click Save List To File
A message box will verify the file saved
Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

----------

Please download ERUNT (http://www.snapfiles.com/get/erunt.html) (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:Services

:OTL
[2004/05/05 20:47:32 | 000,000,000 | ---- | C] () -- C:\WINNT\Zillions.INI
[2004/05/05 15:58:32 | 000,000,000 | ---- | C] () -- C:\WINNT\PROTOCOL.INI
[2004/02/18 21:14:12 | 000,000,000 | ---- | C] () -- C:\WINNT\QuickInstall.INI
[2004/02/18 21:06:16 | 000,000,000 | ---- | C] () -- C:\WINNT\QUICKI~1.INI
[2011/09/12 17:00:02 | 000,000,262 | -H-- | M] () -- C:\WINNT\tasks\97CD996DA2920A3D.job
[2003/12/13 11:33:58 | 000,000,000 | ---- | C] () -- C:\WINNT\Transmogrifier-1.4.INI
[2004/01/07 17:06:09 | 000,143,872 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/05 12:02:14 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
[2006/07/12 22:00:23 | 000,000,000 | ---- | C] () -- C:\WINNT\System32\ksl48.bin
[2006/07/12 21:58:46 | 000,000,006 | ---- | C] () -- C:\WINNT\System32\tick48.bin

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, and reboot when it is done
There will be a log created after the fix. Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

----------

In your next reply please post the logs created by CKScanner and also the logs created by the OTL fix and the new log created after the new OTL scan.

cosmic1
2011-09-14, 21:55
Hi, Jeff.
I made a minor mistake when following the last set of instructions you sent. Somehow, I overlooked the AVG removal step, and did everything else without doing it. I do not know if you can use the log files that I have, and then I can remove AVG, or if I have to do everything over again. There's also the possibility that I have completely screwed up this process (I hope not). I am really sorry for the trouble. I really must learn that exhaustion and important tasks do not mix. I will wait for your instruction before I do anything else. Thank you for putting up with me.

jeffce
2011-09-14, 22:17
Hi cosmic1,


> I overlooked the AVG removal step, and did everything else without doing it.

That is not a problem at all. Go ahead and post the OTL and CKScanner logs that you have, and in the meantime run the AVG tool while I review the logs that you post. :)


> I am really sorry for the trouble......Thank you for putting up with me.

No worries. You are doing great...keep up the good work. :)

cosmic1
2011-09-15, 04:00
I'm glad that I didn't do anything to mess up the repair. :)
Here are the logs from Ckscanner and OTL.

CKFiles.txt

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.MTAPEC
----- EOF -----

OTLFix.txt

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\WINNT\Zillions.INI moved successfully.
C:\WINNT\PROTOCOL.INI moved successfully.
C:\WINNT\QuickInstall.INI moved successfully.
C:\WINNT\QUICKI~1.INI moved successfully.
C:\WINNT\tasks\97CD996DA2920A3D.job moved successfully.
C:\WINNT\Transmogrifier-1.4.INI moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin moved successfully.
C:\WINNT\system32\ksl48.bin moved successfully.
C:\WINNT\system32\tick48.bin moved successfully.
========== COMMANDS ==========
C:\WINNT\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 45581 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2373287 bytes

User: Owner
->Temp folder emptied: 30822649 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 797955 bytes
->FireFox cache emptied: 38319423 bytes
->Google Chrome cache emptied: 38567224 bytes
->Flash cache emptied: 1788 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1997892 bytes
%systemroot%\System32 .tmp files removed: 5401769 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1235507 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 4433565 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 59106 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 118.00 mb


OTL by OldTimer - Version 3.2.28.0 log created on 09142011_135405

Files\Folders moved on Reboot...
C:\WINNT\temp\Perflib_Perfdata_6a8.dat moved successfully.

Registry entries deleted on Reboot...

OTL2.txt

OTL logfile created on: 9/14/2011 2:38:28 PM - Run 3
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.98 Mb Total Physical Memory | 51.51 Mb Available Physical Memory | 20.20% Memory free
1.21 Gb Paging File | 0.94 Gb Available in Paging File | 77.95% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 4.44 Gb Free Space | 15.87% Space Free | Partition Type: NTFS

Computer Name: MINIME | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINNT\explorer.exe (Microsoft Corporation)
PRC - C:\WINNT\GWHotKey.exe (BillP Studios)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (GameConsoleService) -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ACS) -- C:\WINNT\system32\acs.exe ()


========== Driver Services (SafeList) ==========

DRV - (SymEvent) -- C:\WINNT\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20110910.002\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20110910.002\NAVENG.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20110909.030\IDSXpx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20110901.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SYMTDI.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINNT\system32\drivers\NIS\1206000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (Revoflt) -- C:\WINNT\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (LUsbFilt) -- C:\WINNT\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINNT\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINNT\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (Cdralw2k) -- C:\WINNT\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINNT\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINNT\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (usb2vcom) -- C:\WINNT\system32\drivers\usb2vcom.sys ()
DRV - (Afc) -- C:\WINNT\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (CoachAud) -- C:\WINNT\system32\drivers\CoachAud.sys (FotoNation Inc.)
DRV - (AR5211) -- C:\WINNT\system32\drivers\ar5211.sys (D-Link )
DRV - (PRISM_A02) -- C:\WINNT\system32\drivers\WUSB20XP.sys (GlobespanVirata, Inc.)
DRV - (NPF) -- C:\WINNT\system32\drivers\packet.sys ()
DRV - (ati2mtag) -- C:\WINNT\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (dvd_2K) -- C:\WINNT\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (mmc_2K) -- C:\WINNT\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (pwd_2k) -- C:\WINNT\System32\drivers\pwd_2K.sys (Roxio)
DRV - (UdfReadr_xp) -- C:\WINNT\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINNT\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (wlluc48) -- C:\WINNT\system32\drivers\wlluc48.sys (Lucent Technologies)
DRV - (allegro) ESS Allegro Audio Driver (WDM) -- C:\WINNT\system32\drivers\es198x.sys (ESS Technology, Inc.)
DRV - (GTWModem) -- C:\WINNT\system32\drivers\GWMDM.sys (GTW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: CLSID key missing. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Merriam-Webster Dictionary"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: define@sogame.cat:1.4.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.20100123


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer6: File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer6: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2011/09/07 14:07:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_1_3 [2011/09/14 13:58:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/06 16:22:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/08 17:57:26 | 000,000,000 | ---D | M]

[2008/09/01 23:16:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/09/06 12:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions
[2010/04/27 22:29:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/09/16 07:45:46 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2010/03/11 03:58:33 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2010/03/11 03:15:54 | 000,000,000 | ---D | M] (MidnightFox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
[2011/08/28 01:51:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/08/28 01:51:51 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/03/11 06:04:46 | 000,000,000 | ---D | M] (Define) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\define@sogame.cat
[2010/03/11 03:16:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions
[2010/03/11 03:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions\CVS
[2008/06/18 17:04:04 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\searchplugins\webster.xml
[2011/09/06 12:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/14 13:58:00 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\COFFPLGN_2011_7_1_3
[2011/09/07 14:07:25 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPLGN
[2011/09/06 16:22:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/05/11 17:41:00 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\mozilla firefox\plugins\npImgCtl.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2004/01/13 22:09:25 | 000,176,176 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2008/02/07 18:41:04 | 000,002,151 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/08/30 15:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2007/07/15 09:19:00 | 000,000,173 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conduit.gif
[2007/07/31 22:27:00 | 000,000,271 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conduit.src

O1 HOSTS File: ([2011/09/14 13:54:11 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O3: - HKCU\..\Toolbar\ShellBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINNT\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Multi-function Keyboard] C:\WINNT\GWHotKey.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2perform.com/cabs/QOLCheck.ocx (QOLCheck Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.shockwave.com/content/luxor/sis/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} http://imlive.com/ChatSource/gVideoContol.cab (Eyeball Video Session Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E51D276-3EEE-40F8-A7C8-AB4E49213D66}: NameServer = 4.2.2.2,4.2.2.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) -C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{93e28000-3284-11d8-b97c-00e0b8506b80}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/14 13:54:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/13 15:35:08 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/09/13 14:17:02 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/11 20:52:44 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/09/08 19:01:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/09/08 03:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/09/08 03:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/08 03:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\VS Revo Group
[2011/09/08 03:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/09/08 03:06:24 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINNT\System32\drivers\revoflt.sys
[2011/09/08 03:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/09/08 02:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/09/08 00:06:33 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2011/09/08 00:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/09/08 00:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/09/07 23:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific
[2011/09/07 23:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Google Chrome
[2011/09/06 13:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NPE
[2011/09/05 19:13:29 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\SYMEVENT.SYS
[2011/09/05 19:13:29 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\S32EVNT1.DLL
[2011/09/05 19:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/09/05 19:11:49 | 000,331,384 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\symtdiv.sys
[2011/09/05 19:11:48 | 000,369,784 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\symtdi.sys
[2011/09/05 19:11:48 | 000,296,568 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\symnets.sys
[2011/09/05 19:11:47 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymEFA.sys
[2011/09/05 19:11:47 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtsp.sys
[2011/09/05 19:11:47 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymDS.sys
[2011/09/05 19:11:47 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\Ironx86.sys
[2011/09/05 19:11:47 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtspx.sys
[2011/09/05 19:10:27 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\NIS
[2011/09/05 19:10:27 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\NIS\1206000.01D
[2011/09/05 19:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/09/05 19:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/09/05 19:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/09/05 18:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/09/05 18:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Norton
[2011/09/02 21:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\WildTangent Games
[2011/09/02 08:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Oberon Games
[2011/09/02 03:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Saved Games
[2011/08/28 01:48:49 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINNT\System32\FlashPlayerCPLApp.cpl
[2007/08/27 09:43:31 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2003/12/03 08:34:06 | 000,491,520 | ---- | C] (www.simwardrobe.com) -- C:\Program Files\SimCategorizer.exe
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/14 13:59:38 | 000,000,429 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts.ics
[2011/09/14 13:57:48 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2011/09/14 13:57:29 | 267,436,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/14 13:54:11 | 000,000,098 | ---- | M] () -- C:\WINNT\System32\drivers\etc\Hosts
[2011/09/14 13:47:01 | 000,000,978 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-506075566-2965718124-3205215984-1003UA.job
[2011/09/14 13:27:53 | 000,459,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CKScanner.exe
[2011/09/13 16:14:00 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/09/13 15:47:00 | 000,000,926 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-506075566-2965718124-3205215984-1003Core.job
[2011/09/13 15:35:14 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/09/13 15:33:59 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/09/13 14:16:43 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/11 20:53:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/09/11 01:12:23 | 000,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2011/09/08 17:27:28 | 000,000,825 | ---- | M] () -- C:\WINNT\QUICKEN.INI
[2011/09/08 03:06:40 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/09/08 00:04:50 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2011/09/07 17:03:12 | 000,000,207 | -HS- | M] () -- C:\boot.ini
[2011/09/07 15:49:41 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/07 15:49:40 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/09/06 12:51:57 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/06 12:51:54 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/05 20:00:02 | 000,000,538 | ---- | M] () -- C:\WINNT\tasks\Norton Internet Security - Run Full System Scan - Owner.job
[2011/09/05 19:14:14 | 000,675,922 | ---- | M] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/09/05 19:13:28 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\SYMEVENT.SYS
[2011/09/05 19:13:28 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\S32EVNT1.DLL
[2011/09/05 19:13:28 | 000,007,468 | ---- | M] () -- C:\WINNT\System32\drivers\SYMEVENT.CAT
[2011/09/05 19:13:28 | 000,000,806 | ---- | M] () -- C:\WINNT\System32\drivers\SYMEVENT.INF
[2011/09/05 16:28:06 | 000,437,465 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20110911-015350.backup
[2011/09/05 16:11:36 | 000,371,883 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20110905-162806.backup
[2011/09/05 12:34:15 | 000,001,355 | ---- | M] () -- C:\WINNT\imsins.BAK
[2011/09/05 09:06:38 | 000,001,977 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk
[2011/09/02 21:20:55 | 000,002,003 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2011/08/28 01:48:49 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINNT\System32\FlashPlayerCPLApp.cpl
[2011/08/24 01:15:37 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PocoMan.lnk
[2011/08/17 01:53:53 | 000,449,476 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2011/08/17 01:53:52 | 000,075,506 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/14 13:28:11 | 000,459,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CKScanner.exe
[2011/09/13 16:13:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/09/13 15:41:54 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2011/09/13 15:34:11 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/09/08 03:06:39 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/09/08 00:04:50 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2011/09/07 18:00:54 | 267,436,032 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/07 15:49:40 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/07 15:49:39 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/09/07 15:42:14 | 000,000,978 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-506075566-2965718124-3205215984-1003UA.job
[2011/09/07 15:42:10 | 000,000,926 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-506075566-2965718124-3205215984-1003Core.job
[2011/09/06 12:51:50 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/06 12:51:48 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/05 19:13:38 | 000,675,922 | ---- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/09/05 19:13:29 | 000,007,468 | ---- | C] () -- C:\WINNT\System32\drivers\SYMEVENT.CAT
[2011/09/05 19:13:29 | 000,000,806 | ---- | C] () -- C:\WINNT\System32\drivers\SYMEVENT.INF
[2011/09/05 19:11:49 | 000,000,000 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymDS.cat
[2011/09/05 19:10:43 | 000,003,373 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymEFA.inf
[2011/09/05 19:10:43 | 000,002,792 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymDS.inf
[2011/09/05 19:10:43 | 000,001,474 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymNetV.inf
[2011/09/05 19:10:43 | 000,001,446 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymNet.inf
[2011/09/05 19:10:43 | 000,001,389 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtspx.inf
[2011/09/05 19:10:43 | 000,001,383 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtsp.inf
[2011/09/05 19:10:43 | 000,000,742 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\Iron.inf
[2011/09/05 19:10:30 | 000,007,877 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\symnetv.cat
[2011/09/05 19:10:30 | 000,007,458 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymNet.cat
[2011/09/05 19:10:29 | 000,007,528 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\iron.cat
[2011/09/05 19:10:29 | 000,007,456 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymEFA.cat
[2011/09/05 19:10:29 | 000,007,454 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtspx.cat
[2011/09/05 19:10:29 | 000,007,450 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtsp.cat
[2011/09/05 19:10:28 | 000,000,172 | ---- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\isolate.ini
[2011/09/02 21:20:53 | 000,001,977 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk
[2011/08/24 01:15:37 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PocoMan.lnk
[2009/03/18 22:06:38 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2008/12/25 19:39:44 | 000,000,664 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2008/09/04 19:09:30 | 000,000,094 | ---- | C] () -- C:\WINNT\awshkwv.ini
[2008/04/03 16:46:46 | 000,000,552 | ---- | C] () -- C:\WINNT\System32\d3d8caps.dat
[2008/02/07 18:49:23 | 000,691,545 | ---- | C] () -- C:\WINNT\unins000.exe
[2008/02/07 18:49:22 | 000,003,440 | ---- | C] () -- C:\WINNT\unins000.dat
[2008/01/23 10:48:58 | 000,029,152 | R--- | C] () -- C:\WINNT\System32\drivers\usb2vcom.sys
[2007/08/15 06:57:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/05/06 20:50:11 | 000,004,096 | ---- | C] () -- C:\WINNT\d3dx.dat
[2006/07/12 23:47:06 | 000,001,793 | ---- | C] () -- C:\WINNT\System32\fxsperf.ini
[2006/05/26 02:55:02 | 000,003,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/28 13:49:18 | 000,000,408 | ---- | C] () -- C:\WINNT\lexstat.ini
[2006/04/27 11:56:15 | 000,000,018 | ---- | C] () -- C:\WINNT\gwhotkey.ini
[2006/04/19 23:16:34 | 000,110,592 | R--- | C] () -- C:\WINNT\System32\AegisI5.exe
[2006/04/19 23:16:34 | 000,002,655 | R--- | C] () -- C:\WINNT\System32\arccsel.dat
[2006/04/19 23:16:33 | 000,114,688 | ---- | C] () -- C:\WINNT\System32\AegisI2.exe
[2006/04/19 23:16:32 | 000,036,864 | ---- | C] () -- C:\WINNT\System32\acs.exe
[2006/04/08 15:36:50 | 000,000,048 | ---- | C] () -- C:\WINNT\FileNamesinQueue.ini
[2005/03/02 15:24:31 | 000,000,624 | ---- | C] () -- C:\WINNT\tlknw20.ini
[2005/01/12 20:56:58 | 000,100,475 | ---- | C] () -- C:\WINNT\UninstallFirefox.exe
[2005/01/08 00:21:36 | 000,000,002 | ---- | C] () -- C:\WINNT\msoffice.ini
[2005/01/08 00:17:09 | 000,000,341 | ---- | C] () -- C:\WINNT\wininit.ini
[2004/12/26 21:48:26 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2004/12/22 02:07:25 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat
[2004/09/09 15:10:57 | 000,000,978 | ---- | C] () -- C:\WINNT\cdPlayer.ini
[2004/05/11 02:40:20 | 000,000,026 | ---- | C] () -- C:\WINNT\mscpt.dat
[2004/05/08 15:41:09 | 000,247,808 | ---- | C] () -- C:\WINNT\WINSTRUN.EXE
[2004/05/08 15:41:09 | 000,008,364 | ---- | C] () -- C:\WINNT\INSTALL.DAT
[2004/04/30 02:45:14 | 000,000,130 | ---- | C] () -- C:\WINNT\cosmiord.ini
[2004/01/20 22:28:56 | 000,109,181 | ---- | C] () -- C:\Program Files\tempfile.iff
[2003/12/03 22:38:44 | 000,001,260 | ---- | C] () -- C:\WINNT\eReg.dat
[2003/12/03 16:34:52 | 000,011,720 | ---- | C] () -- C:\WINNT\mozver.dat
[2003/11/27 21:06:16 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2003/11/27 20:53:30 | 000,000,035 | ---- | C] () -- C:\WINNT\wwwbatch.ini
[2003/11/27 20:44:46 | 000,000,825 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2003/11/27 20:44:29 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\JAWTAccessBridge.dll
[2003/11/27 20:42:14 | 000,000,335 | ---- | C] () -- C:\WINNT\nsreg.dat
[2003/11/27 20:41:26 | 000,086,016 | ---- | C] () -- C:\WINNT\System32\PcdrKernelModeServices.dll
[2003/11/27 20:41:26 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\ProgressTrace.dll
[2003/11/27 20:40:32 | 000,000,569 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2003/10/06 17:34:26 | 000,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2003/10/06 16:39:44 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat
[2003/10/06 16:33:14 | 000,021,640 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2003/10/06 16:26:48 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2003/10/06 16:25:44 | 000,237,552 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2003/08/13 12:08:15 | 000,135,168 | ---- | C] () -- C:\WINNT\System32\wpcap.dll
[2003/08/13 12:08:12 | 000,036,864 | ---- | C] () -- C:\WINNT\System32\packet.dll
[2003/08/13 12:08:10 | 000,013,203 | ---- | C] () -- C:\WINNT\System32\drivers\packet.sys
[2003/04/28 23:28:52 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\ati2evxx.dll
[1980/01/01 02:00:00 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin
[1980/01/01 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[1980/01/01 02:00:00 | 000,449,476 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[1980/01/01 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[1980/01/01 02:00:00 | 000,254,037 | ---- | C] () -- C:\WINNT\System32\ati2evxx.exe
[1980/01/01 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[1980/01/01 02:00:00 | 000,081,920 | ---- | C] () -- C:\WINNT\System32\SynTPCoI.dll
[1980/01/01 02:00:00 | 000,075,506 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[1980/01/01 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[1980/01/01 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[1980/01/01 02:00:00 | 000,005,114 | ---- | C] () -- C:\WINNT\System32\oembios.dat
[1980/01/01 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\dcache.bin
[1980/01/01 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1DC9784
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF

< End of report >

I'll do the AVG removal now. Thanks again.
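
The report above is read by section rather than top to bottom: the O33 line is an AutoRun command registered for a drive by its MountPoints2 GUID (E:\setupSNK.exe), the O16 DPF list is every ActiveX download the browser has cached, and here it references several generations of the Java plug-in next to a JRE 1.6.0_02 shown under O2/O9, the O35/O37 lines are the shell associations for .exe and .com (anything other than "%1" %* there means some other program is wrapped around every executable launch), and the final section lists alternate data streams. The following is an added example, not part of this post and not part of OTL: a small Python triage script for exactly those line formats. SAMPLE is a constructed excerpt copied from the report above, plus one hypothetical O35 exefile line (marked in the code) showing what a hijacked association would look like; the "%1" %* expected value and the "binary in System32 with no company name" heuristic are assumptions of the example, not findings about this machine.

```python
"""Triage helper for OTL (OldTimer's List-It) report lines.

Added example: not part of the forum post and not part of OTL itself.
It parses the line formats visible in the report above and collects the
items a malware-removal helper reads first. SAMPLE is a constructed
excerpt copied from that report, plus one hypothetical O35 line (marked
below) showing what a hijacked exefile association would look like.
"""
import re

# [2004/01/13 22:09:25 | 000,176,176 | ---- | M] (Company) -- C:\path\file.dll
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<cm>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# O16 - DPF: {CLSID} http://host/file.cab (Friendly name)
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) (?P<url>\S+) \((?P<name>.+)\)$")
# O33 - MountPoints2\{GUID}\Shell\AutoRun\command - "" = E:\something.exe
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>\{[0-9a-fA-F-]+\})\\Shell\\(?P<verb>\w+)\\command - "" = (?P<cmd>.+)$'
)
# O35 - HKLM\..exefile [open] -- "%1" %*   and   O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ASSOC_RE = re.compile(r"^O3[57] - HKLM\\\.{2,3}(?P<ext>\w+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
JAVA_RE = re.compile(r"Java Plug-in (\d+)\.(\d+)\.(\d+)_(\d+)")

# Windows' default open command for exefile/comfile (assumption of this example:
# anything else means another program runs on every executable launch).
SAFE_ASSOC = '"%1" %*'

# Constructed sample: lines copied from the report above. The O35 exefile line is
# hypothetical (the real report shows "%1" %*) so the association check has something to flag.
SAMPLE = r"""
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O33 - MountPoints2\{93e28000-3284-11d8-b97c-00e0b8506b80}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\WINNT\hypothetical.exe" "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[2011/09/08 03:06:24 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINNT\System32\drivers\revoflt.sys
[2003/08/13 12:08:10 | 000,013,203 | ---- | C] () -- C:\WINNT\System32\drivers\packet.sys
[2006/04/19 23:16:34 | 000,110,592 | R--- | C] () -- C:\WINNT\System32\AegisI5.exe
[2008/02/07 18:41:04 | 000,002,151 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1DC9784
""".splitlines()


def triage(lines, system_dirs=(r"C:\WINNT\System32",)):
    """Collect security-relevant items from OTL report lines into one dict."""
    out = {"autorun": [], "dpf": [], "java_versions": [], "assoc_bad": [],
           "ads": [], "no_company_system_binaries": []}
    sysdirs = tuple(d.lower() for d in system_dirs)
    for raw in lines:
        line = raw.strip()
        if m := O33_RE.match(line):
            # AutoRun command registered for a drive under its MountPoints2 GUID
            out["autorun"].append((m["key"], m["verb"], m["cmd"]))
        elif m := O16_RE.match(line):
            out["dpf"].append((m["clsid"], m["url"], m["name"]))
            if j := JAVA_RE.search(m["name"]):
                out["java_versions"].append(tuple(int(x) for x in j.groups()))
        elif m := ASSOC_RE.match(line):
            if m["cmd"] != SAFE_ASSOC:
                out["assoc_bad"].append((m["ext"], m["verb"], m["cmd"]))
        elif m := ADS_RE.match(line):
            out["ads"].append((int(m["size"]), m["path"]))
        elif m := FILE_RE.match(line):
            # Heuristic (assumption of this example): a binary in a system directory with
            # no embedded company name gets a manual look, not an automatic verdict.
            p = m["path"].lower()
            if not m["company"] and p.startswith(sysdirs) and p.endswith((".exe", ".dll", ".sys")):
                out["no_company_system_binaries"].append(m["path"])
    return out


def stale_java(versions):
    """Java plug-in versions older than the newest one referenced. The newest may
    itself be out of date; compare it against the current JRE release separately."""
    if not versions:
        return []
    newest = max(versions)
    return sorted(v for v in set(versions) if v < newest)


if __name__ == "__main__":
    report = triage(SAMPLE)
    for key, items in report.items():
        print(f"{key}: {len(items)}")
        for item in items:
            print("   ", item)
    print("stale Java plug-in CABs:", stale_java(report["java_versions"]))
```

The point of keeping the output structured rather than printing verdicts is that none of these items is malicious on its own: a removable drive's AutoRun entry, an old Java CAB reference or an unsigned driver from 2003 are each things to check, and the script only gathers them in one place.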

jeffce
2011-09-16, 13:37
Hi cosmic1,

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:Services

:OTL
[2004/01/13 22:09:25 | 000,176,176 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2008/02/07 18:41:04 | 000,002,151 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2007/07/15 09:19:00 | 000,000,173 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conduit.gif
[2007/07/31 22:27:00 | 000,000,271 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conduit.src
O33 - MountPoints2\{93e28000-3284-11d8-b97c-00e0b8506b80}\Shell\AutoRun\command - "" = E:\setupSNK.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

----------

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan as shown below.

http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM.jpg

When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.



The log can also be found here:
C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the Start button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the Back button.
Push Finish

http://www.eset.com/onlinescan/
----------

In your next reply please post the logs created by OTL, Malwarebytes and ESET Online Scanner. :)
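
Running the fix above produces an OTLFix log (the poster's OTLFix2.txt in the reply that follows). Before moving on, a helper checks that every item in the :OTL section shows up in that log with an outcome. The following is an added example, not part of this post and not part of OTL: a script that reconciles the fix script against its log. FIX_SCRIPT is the :OTL section as posted above and FIX_LOG is the excerpt the poster returned; the outcome wording it matches ("moved successfully", "deleted successfully", "not found") is an assumption taken only from the log lines visible in this thread. Two details are worth noticing: the script says mozilla firefox while the log says Mozilla Firefox, and NTFS paths are case-insensitive, so the comparison must be too; and the O33 line expands to two actions, deleting the MountPoints2 key and trying to delete the file it launched, where "File E:\setupSNK.exe not found" is what you would expect when that drive is not attached.

```python
"""Reconcile an OTL fix script against the OTLFix log it produced.

Added example: not part of the forum post and not part of OTL. FIX_SCRIPT
is the fix posted above; FIX_LOG is the excerpt the poster returned for it.
The outcome wording matched below is an assumption taken only from the
log lines visible in this thread.
"""
import re

FIX_SCRIPT = r"""
:Services

:OTL
[2004/01/13 22:09:25 | 000,176,176 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2008/02/07 18:41:04 | 000,002,151 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2007/07/15 09:19:00 | 000,000,173 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conduit.gif
[2007/07/31 22:27:00 | 000,000,271 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conduit.src
O33 - MountPoints2\{93e28000-3284-11d8-b97c-00e0b8506b80}\Shell\AutoRun\command - "" = E:\setupSNK.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
"""

FIX_LOG = r"""
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\conduit.gif moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\conduit.src moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93e28000-3284-11d8-b97c-00e0b8506b80}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93e28000-3284-11d8-b97c-00e0b8506b80}\ not found.
File E:\setupSNK.exe not found.
========== COMMANDS ==========
"""

# [date | size | attrs | C/M] (Company) -- path
FILE_ITEM_RE = re.compile(r"^\[[^\]]*\] \([^)]*\) -- (?P<path>.+)$")
# O33 - MountPoints2\{GUID}\Shell\AutoRun\command - "" = target
O33_ITEM_RE = re.compile(r"^O33 - MountPoints2\\(?P<key>\{[0-9a-fA-F-]+\})\\.* = (?P<target>.+)$")


def parse_fix_script(text):
    """Items requested in the :OTL section as (kind, identifier) pairs.
    An O33 line expands to two: the MountPoints2 key and the file it launched."""
    items, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "otl" and line:
            if m := FILE_ITEM_RE.match(line):
                items.append(("file", m["path"]))
            elif m := O33_ITEM_RE.match(line):
                items.append(("mountpoint", m["key"]))
                items.append(("file", m["target"]))
    return items


def reconcile(script_text, log_text):
    """Map each requested item to 'done', 'not found' or 'missing' (no log line at all).
    Paths are compared case-insensitively because NTFS paths are."""
    log_lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    results = {}
    for kind, ident in parse_fix_script(script_text):
        outcome = "missing"
        for line in log_lines:
            low = line.lower()
            if kind == "file" and (low.startswith(ident.lower() + " ")
                                   or low == f"file {ident.lower()} not found."):
                outcome = "done" if low.endswith("moved successfully.") else "not found"
                break
            if kind == "mountpoint" and "mountpoints2" in low and ident.lower() in low:
                outcome = "done" if low.endswith("deleted successfully.") else "not found"
                break
        results[(kind, ident)] = outcome
    return results


if __name__ == "__main__":
    for (kind, ident), outcome in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(f"{outcome:10} {kind:10} {ident}")
```

A "missing" outcome is the one that matters: it means OTL never reported on an item, usually because the line was pasted with a typo, and the helper should repeat that item in the next fix rather than assume it was handled.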

cosmic1
2011-09-17, 16:15
Hi, Jeff.
I ran the three programs that you wanted me to run, and I think they all worked ok. Here are their logs.

OTLFix2.txt


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\conduit.gif moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\conduit.src moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93e28000-3284-11d8-b97c-00e0b8506b80}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93e28000-3284-11d8-b97c-00e0b8506b80}\ not found.
File E:\setupSNK.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 1676 bytes
->Temporary Internet Files folder emptied: 77812 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 31841749 bytes
->Flash cache emptied: 502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49152 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 31.00 mb


OTL by OldTimer - Version 3.2.28.0 log created on 09162011_105825

Files\Folders moved on Reboot...
File\Folder C:\WINNT\temp\Perflib_Perfdata_68c.dat not found!

Registry entries deleted on Reboot...

Malwarebytes.txt


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7730

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/16/2011 7:32:57 PM
mbam-log-2011-09-16 (19-32-55).txt

Scan type: Quick scan
Objects scanned: 158072
Time elapsed: 29 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESETlog.txt


C:\Program Files\Common Files\Real\Toolbar\RealBar.dll probably a variant of Win32/Adware.Toolbar.Visicom.AB application

I hope this helps. Thanks and have a good weekend. :)

jeffce
2011-09-17, 16:30
Hi cosmic1,

Looks like we are almost done. :bigthumb: Stick with me though until we are finished.
----------

Please download JavaRa (http://raproducts.org/click/click.php?id=1) to your desktop and unzip it to its own folder.
Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
----------


You have an older version of Adobe Reader. You can download the current version HERE (http://www.adobe.com/products/acrobat/readstep2.html)

You may want to consider Foxit Reader (http://www.foxitsoftware.com/downloads/index.php) instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum (http://www.foxitsoftware.com/bbs/forumdisplay.php?f=3)

In either case you should uninstall Adobe Reader 8.1.3 first. Be sure to move any PDF documents to another folder first though.
----------

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:Services

:Files
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

----------

Once you get that completed, be sure to post both of the logs that are created by OTL and then let me know how your system is running? :)

cosmic1
2011-09-19, 10:58
Hi, Jeff.
I uninstalled the old Acrobat Reader, then installed JRE and Foxit Reader; all of which went well.
I then tried to do the OTL custom fix, but it would not work. It looked like it was working for a few seconds, then nothing would happen. I tried several times, even letting it run for over an hour, but each time I would get the same result. I had to restart the computer using the power button. I also was sure to disable Malwarebytes and Norton each time as well.
Sorry about the setback.
:confused:

jeffce
2011-09-19, 13:46
Hi cosmic1,


I uninstalled the old Acrobat Reader, then installed JRE and Foxit Reader; all of which went well.

Good Job!! :bigthumb:
----------

Click Start, go to Run and type cmd. Press Enter.
This will open the command prompt.

Copy the contents of the code box > right click in the command window and select paste


del "C:\Program Files\Common Files\Real\Toolbar\RealBar.dll" /f /q

Press Enter
----------

Once you get that complete let me know how your system is running. :)

cosmic1
2011-09-19, 22:54
Hi, Jeff.
I ran the code in the command window. I don't know if I was supposed to get a response or anything (I didn't), but nothing bad happened, so it's a plus in my book. I restarted the laptop to get a more complete sense of how it's running. For the most part, it seems fine. The only issue that I have started last night. The display is acting up a bit. It is hard for me to explain, so I hope the following demonstration is adequate.

Suppose the following is what should be displayed:

aaaaa
aaaaa
aaaaa
aaaaa
aaaaa

What I sometimes get is:

aaaaa
a aaa
aaaaa
aa aa
aaa

If something new is displayed, sometimes part of the old picture will come through. Usually this goes away if I hit refresh, but it has happened more than once in the last 18 or so hours. I don't see any other problems other than this. Thanks. :)

jeffce
2011-09-19, 23:37
Hi cosmic1,

I will look into your display problem but in the meantime please go ahead and run an OTL Scan and then post the results into the next reply. :bigthumb:
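
An added example (not from this thread, from OTL or from its author) of the first-pass triage a helper does on the OTL log requested here: it flags orphaned registry references, loaded binaries with an empty company field, and O16 ActiveX downloads from hosts outside a small allowlist. The sample lines are copied from the OTL log format posted in this thread; the allowlist of vendor hosts is an assumption.

```python
"""Triage helper for OTL (OldTimer's) scan logs, as posted in this thread.

Added example: not part of the forum thread, of OTL, or of its author.
It flags the entries a malware-removal helper reads first:
  * "orphan"            - registry references whose target is gone
                          ("File not found", "No CLSID value found", "Reg Error")
  * "no_company"        - running/loaded binaries OTL prints with an empty
                          company field "()" (no version resource to vouch for them)
  * "dpf_unlisted_host" - O16 ActiveX (DPF) controls downloaded from a host
                          outside a small allowlist (the allowlist is an assumption)
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")

# Entry types whose trailing "(...)" is the binary's company name in OTL output.
COMPANY_TYPES = {"PRC", "MOD", "SRV", "DRV", "O2", "O3", "O4", "O9", "O20"}

# Assumed allowlist: vendor hosts for the Java and Flash installers seen in the thread.
KNOWN_DPF_HOSTS = {"java.sun.com", "fpdownload2.macromedia.com"}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]+\d*):?\s+-\s+(?P<rest>.*)$")  # "O3: - ..." / "DRV - ..."
COMPANY_RE = re.compile(r"\((?P<company>[^()]*)\)\s*$")               # trailing "(Company)"
URL_RE = re.compile(r"https?://\S+")

# Constructed sample: lines copied from the OTL log format posted in this thread.
SAMPLE_LOG = "\n".join([
    r"PRC - C:\WINNT\explorer.exe (Microsoft Corporation)",
    r"MOD - C:\WINNT\system32\tsd32.dll ()",
    r"SRV - (HidServ) -- File not found",
    r"SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)",
    r"DRV - (usb2vcom) -- C:\WINNT\system32\drivers\usb2vcom.sys ()",
    r"IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: CLSID key missing. File not found",
    r"O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)",
    r"O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.",
    r"O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)",
    r"O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} http://imlive.com/ChatSource/gVideoContol.cab (Eyeball Video Session Control)",
    r"O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found",
])


@dataclass(frozen=True)
class Finding:
    code: str    # OTL entry type, e.g. "O3" or "DRV"
    reason: str  # "orphan", "no_company" or "dpf_unlisted_host"
    line: str    # the log line, unchanged, so it can be pasted into a fix


def triage(log_text: str, known_dpf_hosts=KNOWN_DPF_HOSTS) -> list[Finding]:
    """Return the entries worth a helper's attention, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # section headers, blank lines, dated file listings
        code, rest = m.group("code"), m.group("rest")

        # 1. Orphaned references: the registry still points at something that is gone.
        if any(marker in rest for marker in ORPHAN_MARKERS):
            findings.append(Finding(code, "orphan", line))
            continue

        # 2. ActiveX (DPF) downloads: review anything not from a known vendor host.
        if code == "O16":
            url = URL_RE.search(rest)
            host = urlparse(url.group(0)).hostname if url else None
            if host not in known_dpf_hosts:
                findings.append(Finding(code, "dpf_unlisted_host", line))
            continue

        # 3. Binaries with an empty company field: nothing vouches for them.
        if code in COMPANY_TYPES:
            cm = COMPANY_RE.search(rest)
            if cm and not cm.group("company").strip():
                findings.append(Finding(code, "no_company", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per reason, e.g. {"orphan": 4, "no_company": 2, ...}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.reason:>17}] {f.line}")
    print(summarize(results))
```

Entries flagged as "orphan" are the ones an OTL :Services / :Reg fix typically cleans up; "no_company" and "dpf_unlisted_host" entries are review items, not automatic removals.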

cosmic1
2011-09-20, 05:19
My display problem has since gotten worse to the point that I cannot tell what is on screen. I don't know why this happened all of a sudden.

cosmic1
2011-09-20, 05:43
I used the computer in safe mode and ran the OTL scan. Here is the log.


OTL logfile created on: 9/19/2011 11:26:23 PM - Run 4
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.98 Mb Total Physical Memory | 106.79 Mb Available Physical Memory | 41.88% Memory free
1.21 Gb Paging File | 1.14 Gb Available in Paging File | 94.11% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 4.37 Gb Free Space | 15.65% Space Free | Partition Type: NTFS

Computer Name: MINIME | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINNT\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINNT\system32\tsd32.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (GameConsoleService) -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ACS) -- C:\WINNT\system32\acs.exe ()


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20110916.018\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20110916.018\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20110909.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINNT\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20110915.030\IDSXpx86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\WINNT\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SRTSP) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SYMTDI.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINNT\system32\drivers\NIS\1206000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (Revoflt) -- C:\WINNT\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (LUsbFilt) -- C:\WINNT\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINNT\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINNT\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (Cdralw2k) -- C:\WINNT\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINNT\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINNT\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (usb2vcom) -- C:\WINNT\system32\drivers\usb2vcom.sys ()
DRV - (Afc) -- C:\WINNT\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (CoachAud) -- C:\WINNT\system32\drivers\CoachAud.sys (FotoNation Inc.)
DRV - (AR5211) -- C:\WINNT\system32\drivers\ar5211.sys (D-Link )
DRV - (PRISM_A02) -- C:\WINNT\system32\drivers\WUSB20XP.sys (GlobespanVirata, Inc.)
DRV - (NPF) -- C:\WINNT\system32\drivers\packet.sys ()
DRV - (ati2mtag) -- C:\WINNT\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (dvd_2K) -- C:\WINNT\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (mmc_2K) -- C:\WINNT\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (pwd_2k) -- C:\WINNT\System32\drivers\pwd_2K.sys (Roxio)
DRV - (UdfReadr_xp) -- C:\WINNT\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINNT\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (wlluc48) -- C:\WINNT\system32\drivers\wlluc48.sys (Lucent Technologies)
DRV - (allegro) ESS Allegro Audio Driver (WDM) -- C:\WINNT\system32\drivers\es198x.sys (ESS Technology, Inc.)
DRV - (GTWModem) -- C:\WINNT\system32\drivers\GWMDM.sys (GTW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: CLSID key missing. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Merriam-Webster Dictionary"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: define@sogame.cat:1.4.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.20100123


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer6: File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer6: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2011/09/07 14:07:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_1_3 [2011/09/19 22:55:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/06 16:22:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/18 22:42:45 | 000,000,000 | ---D | M]

[2008/09/01 23:16:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/09/06 12:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions
[2010/04/27 22:29:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/09/16 07:45:46 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2010/03/11 03:58:33 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2010/03/11 03:15:54 | 000,000,000 | ---D | M] (MidnightFox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
[2011/08/28 01:51:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/08/28 01:51:51 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/03/11 06:04:46 | 000,000,000 | ---D | M] (Define) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\define@sogame.cat
[2010/03/11 03:16:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions
[2010/03/11 03:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions\CVS
[2008/06/18 17:04:04 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\searchplugins\webster.xml
[2011/09/18 22:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/18 22:43:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/09/19 22:55:00 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\COFFPLGN_2011_7_1_3
[2011/09/07 14:07:25 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPLGN
[2011/09/06 16:22:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/18 22:39:10 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/05/11 17:41:00 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\mozilla firefox\plugins\npImgCtl.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2011/08/30 15:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/14 13:54:11 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spy bot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O3: - HKCU\..\Toolbar\ShellBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINNT\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Multi-function Keyboard] C:\WINNT\GWHotKey.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spy bot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2perform.com/cabs/QOLCheck.ocx (QOLCheck Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.shockwave.com/content/luxor/sis/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} http://imlive.com/ChatSource/gVideoContol.cab (Eyeball Video Session Control)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E51D276-3EEE-40F8-A7C8-AB4E49213D66}: NameServer = 4.2.2.2,4.2.2.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) -C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/18 23:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sun
[2011/09/18 22:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/09/18 22:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/09/18 22:42:44 | 000,544,656 | ---- | C] (Oracle Corporation) -- C:\WINNT\System32\deployJava1.dll
[2011/09/18 22:42:43 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\WINNT\System32\javaws.exe
[2011/09/18 22:42:42 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINNT\System32\javaw.exe
[2011/09/18 22:42:42 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINNT\System32\java.exe
[2011/09/18 21:57:50 | 000,454,120 | ---- | C] (CBS Interactive) -- C:\Documents and Settings\Owner\Desktop\cnet_FoxitReader502_0718_enu_Setup_exe.exe
[2011/09/18 21:38:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\JavaRa
[2011/09/16 19:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/16 18:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/16 18:35:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2011/09/16 18:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/16 10:55:58 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2011/09/16 10:54:34 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/14 15:36:30 | 001,692,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Owner\Desktop\avg_remover_stf_x86_2012_1796.exe
[2011/09/14 13:54:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/13 15:35:08 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/09/13 14:17:02 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/11 20:52:44 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/09/08 19:01:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/09/08 03:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/09/08 03:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/08 03:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\VS Revo Group
[2011/09/08 03:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/09/08 03:06:24 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINNT\System32\drivers\revoflt.sys
[2011/09/08 03:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/09/08 02:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/09/08 00:06:33 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2011/09/08 00:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/09/08 00:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/09/07 23:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific
[2011/09/07 23:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Google Chrome
[2011/09/06 13:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NPE
[2011/09/05 19:13:29 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\SYMEVENT.SYS

I hope this helps. Thanks.

jeffce
2011-09-20, 17:06
Hi cosmic1,

I am checking on your display problem still. In the meantime please do the following:

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Services

:OTL
O3: - HKCU\..\Toolbar\ShellBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top.
Let the program run unhindered, and reboot when it is done.
Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time).

cosmic1
2011-09-20, 21:50
Hi, Jeff.
Here is the log for the OTL scan I ran after running the fix. Both went well, I think. Thanks.

OTL4.txt
[2011/09/06 12:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions
[2010/04/27 22:29:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/09/16 07:45:46 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2010/03/11 03:58:33 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2010/03/11 03:15:54 | 000,000,000 | ---D | M] (MidnightFox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
[2011/08/28 01:51:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/08/28 01:51:51 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/03/11 06:04:46 | 000,000,000 | ---D | M] (Define) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\define@sogame.cat
[2010/03/11 03:16:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions
[2010/03/11 03:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions\CVS
[2008/06/18 17:04:04 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\searchplugins\webster.xml
[2011/09/18 22:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/18 22:43:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/09/20 15:00:19 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\COFFPLGN_2011_7_1_3
[2011/09/07 14:07:25 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPLGN
[2011/09/06 16:22:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/18 22:39:10 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/05/11 17:41:00 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\mozilla firefox\plugins\npImgCtl.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2011/08/30 15:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/14 13:54:11 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spy bot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ATIModeChange] C:\WINNT\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Multi-function Keyboard] C:\WINNT\GWHotKey.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spy bot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2perform.com/cabs/QOLCheck.ocx (QOLCheck Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.shockwave.com/content/luxor/sis/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} http://imlive.com/ChatSource/gVideoContol.cab (Eyeball Video Session Control)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E51D276-3EEE-40F8-A7C8-AB4E49213D66}: NameServer = 4.2.2.2,4.2.2.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) -C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/18 23:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sun
[2011/09/18 22:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/09/18 22:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/09/18 22:42:44 | 000,544,656 | ---- | C] (Oracle Corporation) -- C:\WINNT\System32\deployJava1.dll
[2011/09/18 22:42:43 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\WINNT\System32\javaws.exe
[2011/09/18 22:42:42 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINNT\System32\javaw.exe
[2011/09/18 22:42:42 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINNT\System32\java.exe
[2011/09/18 21:57:50 | 000,454,120 | ---- | C] (CBS Interactive) -- C:\Documents and Settings\Owner\Desktop\cnet_FoxitReader502_0718_enu_Setup_exe.exe
[2011/09/18 21:38:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\JavaRa
[2011/09/16 19:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/16 18:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/16 18:35:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2011/09/16 18:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/16 10:55:58 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2011/09/16 10:54:34 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/14 15:36:30 | 001,692,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Owner\Desktop\avg_remover_stf_x86_2012_1796.exe
[2011/09/14 13:54:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/13 15:35:08 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/09/13 14:17:02 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/11 20:52:44 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/09/08 19:01:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/09/08 03:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/09/08 03:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/08 03:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\VS Revo Group
[2011/09/08 03:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/09/08 03:06:24 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINNT\System32\drivers\revoflt.sys
[2011/09/08 03:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/09/08 02:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/09/08 00:06:33 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2011/09/08 00:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/09/08 00:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/09/07 23:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific
[2011/09/07 23:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Google Chrome
[2011/09/06 13:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NPE
[2011/09/05 19:13:29 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\SYMEVENT.SYS
[2011/09/05 19:13:29 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\S32EVNT1.DLL
[2011/09/05 19:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/09/05 19:11:49 | 000,331,384 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\symtdiv.sys
[2011/09/05 19:11:48 | 000,369,784 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\symtdi.sys
[2011/09/05 19:11:48 | 000,296,568 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\symnets.sys
[2011/09/05 19:11:47 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymEFA.sys
[2011/09/05 19:11:47 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtsp.sys
[2011/09/05 19:11:47 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymDS.sys
[2011/09/05 19:11:47 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\Ironx86.sys
[2011/09/05 19:11:47 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtspx.sys
[2011/09/05 19:10:27 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\NIS
[2011/09/05 19:10:27 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\NIS\1206000.01D
[2011/09/05 19:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/09/05 19:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/09/05 19:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/09/05 18:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/09/05 18:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Norton
[2011/09/02 21:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\WildTangent Games
[2011/09/02 08:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Oberon Games
[2011/09/02 03:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Saved Games
[2011/08/28 01:48:49 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINNT\System32\FlashPlayerCPLApp.cpl
[2007/08/27 09:43:31 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2003/12/03 08:34:06 | 000,491,520 | ---- | C] (www.simwardrobe.com) -- C:\Program Files\SimCategorizer.exe

========== Files - Modified Within 30 Days ==========

[2011/09/20 15:02:22 | 000,000,429 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts.ics
[2011/09/20 15:00:03 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2011/09/20 14:59:47 | 267,436,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/20 14:47:11 | 000,000,978 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-506075566-2965718124-3205215984-1003UA.job
[2011/09/18 22:38:56 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\WINNT\System32\javaws.exe
[2011/09/18 22:38:56 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINNT\System32\javaw.exe
[2011/09/18 22:38:55 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINNT\System32\java.exe
[2011/09/18 22:38:55 | 000,128,000 | ---- | M] (Oracle Corporation) -- C:\WINNT\System32\javacpl.cpl
[2011/09/18 22:38:52 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\WINNT\System32\deployJava1.dll
[2011/09/18 21:57:53 | 000,454,120 | ---- | M] (CBS Interactive) -- C:\Documents and Settings\Owner\Desktop\cnet_FoxitReader502_0718_enu_Setup_exe.exe
[2011/09/18 20:28:02 | 000,160,350 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\JavaRa.zip
[2011/09/18 20:00:19 | 000,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2011/09/16 10:56:00 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2011/09/16 10:47:24 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/14 15:47:01 | 000,000,926 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-506075566-2965718124-3205215984-1003Core.job
[2011/09/14 15:37:05 | 001,692,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Owner\Desktop\avg_remover_stf_x86_2012_1796.exe
[2011/09/14 15:26:57 | 000,031,256 | ---- | M] () -- C:\{FE7475AD-7719-4A30-8E26-5E65D7D703D7}
[2011/09/14 13:54:11 | 000,000,098 | ---- | M] () -- C:\WINNT\System32\drivers\etc\Hosts
[2011/09/14 13:27:53 | 000,459,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CKScanner.exe
[2011/09/13 16:14:00 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/09/13 15:35:14 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/09/13 15:33:59 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/09/13 14:16:43 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/11 20:53:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/09/08 17:27:28 | 000,000,825 | ---- | M] () -- C:\WINNT\QUICKEN.INI
[2011/09/08 03:06:40 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/09/08 00:04:50 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2011/09/07 17:03:12 | 000,000,207 | -HS- | M] () -- C:\boot.ini
[2011/09/07 15:49:41 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/07 15:49:40 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/09/06 12:51:57 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/06 12:51:54 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/05 20:00:02 | 000,000,538 | ---- | M] () -- C:\WINNT\tasks\Norton Internet Security - Run Full System Scan - Owner.job
[2011/09/05 19:14:14 | 000,675,922 | ---- | M] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/09/05 19:13:28 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\SYMEVENT.SYS
[2011/09/05 19:13:28 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\S32EVNT1.DLL
[2011/09/05 19:13:28 | 000,007,468 | ---- | M] () -- C:\WINNT\System32\drivers\SYMEVENT.CAT
[2011/09/05 19:13:28 | 000,000,806 | ---- | M] () -- C:\WINNT\System32\drivers\SYMEVENT.INF
[2011/09/05 16:28:06 | 000,437,465 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20110911-015350.backup
[2011/09/05 16:11:36 | 000,371,883 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20110905-162806.backup
[2011/09/05 12:34:15 | 000,001,355 | ---- | M] () -- C:\WINNT\imsins.BAK
[2011/09/05 09:06:38 | 000,001,977 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk
[2011/09/02 21:20:55 | 000,002,003 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2011/08/28 01:48:49 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINNT\System32\FlashPlayerCPLApp.cpl
[2011/08/24 01:15:37 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PocoMan.lnk

========== Files Created - No Company Name ==========

[2011/09/20 00:50:48 | 267,436,032 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/18 20:28:27 | 000,160,350 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\JavaRa.zip
[2011/09/14 15:26:56 | 000,031,256 | ---- | C] () -- C:\{FE7475AD-7719-4A30-8E26-5E65D7D703D7}
[2011/09/14 13:28:11 | 000,459,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CKScanner.exe
[2011/09/13 16:13:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/09/13 15:41:54 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2011/09/13 15:34:11 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/09/08 03:06:39 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/09/08 00:04:50 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2011/09/07 15:49:40 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/07 15:49:39 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/09/07 15:42:14 | 000,000,978 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-506075566-2965718124-3205215984-1003UA.job
[2011/09/07 15:42:10 | 000,000,926 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-506075566-2965718124-3205215984-1003Core.job
[2011/09/06 12:51:50 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/06 12:51:48 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/05 19:13:38 | 000,675,922 | ---- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/09/05 19:13:29 | 000,007,468 | ---- | C] () -- C:\WINNT\System32\drivers\SYMEVENT.CAT
[2011/09/05 19:13:29 | 000,000,806 | ---- | C] () -- C:\WINNT\System32\drivers\SYMEVENT.INF
[2011/09/05 19:11:49 | 000,000,000 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymDS.cat
[2011/09/05 19:10:43 | 000,003,373 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymEFA.inf
[2011/09/05 19:10:43 | 000,002,792 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymDS.inf
[2011/09/05 19:10:43 | 000,001,474 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymNetV.inf
[2011/09/05 19:10:43 | 000,001,446 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymNet.inf
[2011/09/05 19:10:43 | 000,001,389 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtspx.inf
[2011/09/05 19:10:43 | 000,001,383 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtsp.inf
[2011/09/05 19:10:43 | 000,000,742 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\Iron.inf
[2011/09/05 19:10:30 | 000,007,877 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\symnetv.cat
[2011/09/05 19:10:30 | 000,007,458 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymNet.cat
[2011/09/05 19:10:29 | 000,007,528 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\iron.cat
[2011/09/05 19:10:29 | 000,007,456 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymEFA.cat
[2011/09/05 19:10:29 | 000,007,454 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtspx.cat
[2011/09/05 19:10:29 | 000,007,450 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtsp.cat
[2011/09/05 19:10:28 | 000,000,172 | ---- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\isolate.ini
[2011/09/02 21:20:53 | 000,001,977 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk
[2011/08/24 01:15:37 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PocoMan.lnk
[2009/03/18 22:06:38 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2008/12/25 19:39:44 | 000,000,664 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2008/09/04 19:09:30 | 000,000,094 | ---- | C] () -- C:\WINNT\awshkwv.ini
[2008/04/03 16:46:46 | 000,000,552 | ---- | C] () -- C:\WINNT\System32\d3d8caps.dat
[2008/02/07 18:49:23 | 000,691,545 | ---- | C] () -- C:\WINNT\unins000.exe
[2008/02/07 18:49:22 | 000,003,440 | ---- | C] () -- C:\WINNT\unins000.dat
[2008/01/23 10:48:58 | 000,029,152 | R--- | C] () -- C:\WINNT\System32\drivers\usb2vcom.sys
[2007/08/15 06:57:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/05/06 20:50:11 | 000,004,096 | ---- | C] () -- C:\WINNT\d3dx.dat
[2006/07/12 23:47:06 | 000,001,793 | ---- | C] () -- C:\WINNT\System32\fxsperf.ini
[2006/05/26 02:55:02 | 000,003,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/28 13:49:18 | 000,000,408 | ---- | C] () -- C:\WINNT\lexstat.ini
[2006/04/27 11:56:15 | 000,000,018 | ---- | C] () -- C:\WINNT\gwhotkey.ini
[2006/04/19 23:16:34 | 000,110,592 | R--- | C] () -- C:\WINNT\System32\AegisI5.exe
[2006/04/19 23:16:34 | 000,002,655 | R--- | C] () -- C:\WINNT\System32\arccsel.dat
[2006/04/19 23:16:33 | 000,114,688 | ---- | C] () -- C:\WINNT\System32\AegisI2.exe
[2006/04/19 23:16:32 | 000,036,864 | ---- | C] () -- C:\WINNT\System32\acs.exe
[2006/04/08 15:36:50 | 000,000,048 | ---- | C] () -- C:\WINNT\FileNamesinQueue.ini
[2005/03/02 15:24:31 | 000,000,624 | ---- | C] () -- C:\WINNT\tlknw20.ini
[2005/01/12 20:56:58 | 000,100,475 | ---- | C] () -- C:\WINNT\UninstallFirefox.exe
[2005/01/08 00:21:36 | 000,000,002 | ---- | C] () -- C:\WINNT\msoffice.ini
[2005/01/08 00:17:09 | 000,000,341 | ---- | C] () -- C:\WINNT\wininit.ini
[2004/12/26 21:48:26 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2004/12/22 02:07:25 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat
[2004/09/09 15:10:57 | 000,000,978 | ---- | C] () -- C:\WINNT\cdPlayer.ini
[2004/05/11 02:40:20 | 000,000,026 | ---- | C] () -- C:\WINNT\mscpt.dat
[2004/05/08 15:41:09 | 000,247,808 | ---- | C] () -- C:\WINNT\WINSTRUN.EXE
[2004/05/08 15:41:09 | 000,008,364 | ---- | C] () -- C:\WINNT\INSTALL.DAT
[2004/04/30 02:45:14 | 000,000,130 | ---- | C] () -- C:\WINNT\cosmiord.ini
[2004/01/20 22:28:56 | 000,109,181 | ---- | C] () -- C:\Program Files\tempfile.iff
[2003/12/03 22:38:44 | 000,001,260 | ---- | C] () -- C:\WINNT\eReg.dat
[2003/12/03 16:34:52 | 000,011,720 | ---- | C] () -- C:\WINNT\mozver.dat
[2003/11/27 21:06:16 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2003/11/27 20:53:30 | 000,000,035 | ---- | C] () -- C:\WINNT\wwwbatch.ini
[2003/11/27 20:44:46 | 000,000,825 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2003/11/27 20:44:29 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\JAWTAccessBridge.dll
[2003/11/27 20:42:14 | 000,000,335 | ---- | C] () -- C:\WINNT\nsreg.dat
[2003/11/27 20:41:26 | 000,086,016 | ---- | C] () -- C:\WINNT\System32\PcdrKernelModeServices.dll
[2003/11/27 20:41:26 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\ProgressTrace.dll
[2003/11/27 20:40:32 | 000,000,569 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2003/10/06 17:34:26 | 000,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2003/10/06 16:39:44 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat
[2003/10/06 16:33:14 | 000,021,640 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2003/10/06 16:26:48 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2003/10/06 16:25:44 | 000,237,552 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2003/08/13 12:08:15 | 000,135,168 | ---- | C] () -- C:\WINNT\System32\wpcap.dll
[2003/08/13 12:08:12 | 000,036,864 | ---- | C] () -- C:\WINNT\System32\packet.dll
[2003/08/13 12:08:10 | 000,013,203 | ---- | C] () -- C:\WINNT\System32\drivers\packet.sys
[2003/04/28 23:28:52 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\ati2evxx.dll
[1980/01/01 02:00:00 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin
[1980/01/01 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[1980/01/01 02:00:00 | 000,449,476 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[1980/01/01 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[1980/01/01 02:00:00 | 000,254,037 | ---- | C] () -- C:\WINNT\System32\ati2evxx.exe
[1980/01/01 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[1980/01/01 02:00:00 | 000,081,920 | ---- | C] () -- C:\WINNT\System32\SynTPCoI.dll
[1980/01/01 02:00:00 | 000,075,506 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[1980/01/01 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[1980/01/01 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[1980/01/01 02:00:00 | 000,005,114 | ---- | C] () -- C:\WINNT\System32\oembios.dat
[1980/01/01 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\dcache.bin
[1980/01/01 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1DC9784
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF

< End of report >
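The OTL report above is the thread's own data. As an added example that is not part of the thread and not OTL's own code, the block below parses OTL's file/folder entry lines (`[timestamp | size | attrs | C/M] (company) -- path`) and its alternate-data-stream lines into records, then runs a small triage pass: binaries with no publisher string, binaries created in the last week, and any ADS. The sample lines are copied from the log above; the `KNOWN_NO_PUBLISHER` allowlist (Windows files that legitimately carry no version resource) and the seven-day window are assumptions, not anything the helper in this thread used.

```python
"""Parse OTL 'Files/Folders' and ADS entries into records and pull out a triage list."""
import ntpath
import re
from datetime import datetime, timedelta

# One OTL file/folder line, e.g. (copied from the log above):
# [2011/09/18 22:42:44 | 000,544,656 | ---- | C] (Oracle Corporation) -- C:\WINNT\System32\deployJava1.dll
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<op>[CM])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)
# Alternate data stream line, e.g.:
# @Alternate Data Stream - 96 bytes -> C:\...\TEMP:A1DC9784
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

BINARY_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx"}
# Assumption: files Windows itself creates without a version resource; extend per environment.
KNOWN_NO_PUBLISHER = {"hiberfil.sys", "pagefile.sys"}

# Constructed sample: six lines taken verbatim from the report above.
SAMPLE = r"""
[2011/09/18 22:42:44 | 000,544,656 | ---- | C] (Oracle Corporation) -- C:\WINNT\System32\deployJava1.dll
[2011/09/11 20:52:44 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/09/13 15:41:54 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2006/04/19 23:16:34 | 000,110,592 | R--- | C] () -- C:\WINNT\System32\AegisI5.exe
[2011/09/20 14:59:47 | 267,436,032 | -HS- | M] () -- C:\hiberfil.sys
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1DC9784
< End of report >
"""


def parse_line(line):
    """Return a record dict for a file/folder or ADS line, or None for any other line."""
    line = line.strip()
    m = FILE_LINE.match(line)
    if m:
        return {
            "kind": "file",
            "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "is_dir": "D" in m["attrs"],
            "op": m["op"],  # C = from a 'Created' section, M = from a 'Modified' section
            "company": m["company"].strip(),
            "path": m["path"].strip(),
        }
    m = ADS_LINE.match(line)
    if m:
        return {"kind": "ads", "size": int(m["size"]), "path": m["path"].strip()}
    return None


def parse_log(text):
    """Parse every recognisable entry line in an OTL report body."""
    return [rec for rec in (parse_line(ln) for ln in text.splitlines()) if rec]


def report_time(records):
    """Latest timestamp in the log, used as the report's reference time."""
    return max(r["ts"] for r in records if r["kind"] == "file")


def triage(records, ref_time, recent_days=7):
    """Return (reason, path) pairs for entries an analyst should look at first."""
    flags = []
    cutoff = ref_time - timedelta(days=recent_days)
    for r in records:
        if r["kind"] == "ads":
            flags.append(("ads", r["path"]))  # ADS on a data dir is a classic hiding spot
            continue
        if r["is_dir"]:
            continue
        name = ntpath.basename(r["path"]).lower()
        ext = ntpath.splitext(name)[1]
        if ext not in BINARY_EXT:
            continue
        if not r["company"] and name not in KNOWN_NO_PUBLISHER:
            flags.append(("no-publisher-binary", r["path"]))
        if r["op"] == "C" and r["ts"] >= cutoff:
            flags.append(("recent-binary", r["path"]))
    return flags


if __name__ == "__main__":
    recs = parse_log(SAMPLE)
    for reason, path in triage(recs, report_time(recs)):
        print(f"{reason:22} {path}")
```

The output is a triage list, not a verdict: a missing publisher string only means the file has no version resource, which is true of many legitimate tools (gmer.exe here), so each hit still needs the usual hash lookup or signature check before anything is deleted.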

jeffce
2011-09-20, 22:00
Great!! Are you still having problems with your display? If so, does it happen in Safe Mode or Normal Mode or both?

cosmic1
2011-09-21, 22:24
Hi, Jeff.
The display problems happen in both modes. Sometimes shutting down and restarting helps, and sometimes it doesn't. This may seem odd, but sometimes it happens when the laptop is bumped or moved. That's pretty much all the details I have. Thanks.

jeffce
2011-09-21, 22:34
Hi cosmic1,

Let's check to see if there is anything reporting in Device Manager. Go to Start > Control Panel > System > click the Hardware tab > click on Device Manager. Are there any warnings or alerts noted in Device Manager? Be sure to look through everything.

How is your system running otherwise?

cosmic1
2011-09-22, 04:27
According to the device manager, everything is fine. The display is the only problem that I'm having now. Everything else is ok! :)

jeffce
2011-09-22, 14:02
Hi cosmic1,


"This may seem odd, but sometimes it happens when the laptop is bumped or moved."

It seems like you may have a loose or faulty cable. I have to admit that hardware problems are really not my area. I don't see any malware in your logs so I do not believe that it is malware related.

I would advise that you visit What the Tech and go to the Hardware-Notebooks forum. It can be found here >> http://forums.whatthetech.com/index.php?showforum=129 You will have to register before you can post there, but they should be better able to help you with this problem. When you do post there be sure to copy/paste the link from here so they can see what we have done. The link here is >> http://forums.spybot.info/showthread.php?t=63852

Having said that...

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D SO LET'S DO A COUPLE OF THINGS TO WRAP THIS UP!! :D

This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords, as this is especially important after an infection.
----------

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

----------

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
Open Internet Explorer
Click on Tools > Internet Options
Press Security tab
Select Internet zone then place check next to Enable Protected Mode if not already done
Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Use and Update an Anti-Virus Software - I cannot overemphasize the need for you to use and update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html).
**Do not install more than one firewall program because they will conflict with each other**

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. Filehippo's Update Checker (http://www.filehippo.com/updatechecker/). It is a free utility that scans your computer for installed software, checks the versions and then sends this information to see if there are any newer releases. Available software updates are displayed and you can decide which ones to download and install. Among many other types of programs, it includes a number of the Anti-Spyware, Firewall/Security and Anti-Virus programs that have been recommended (though not all of them). Note: Definition files should be updated from within the programs themselves. The Update Checker looks for newer versions of the software program, not definition files.

7. Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

8. WOT (http://www.mywot.com/), Web of Trust. As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go
Yellow for caution
Red to stop
WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

9. Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real time spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here:
Instructions for - Spybot S & D and Ad-aware (http://forum.malwareremoval.com/viewtopic.php?t=13)

10. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)


Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
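Added example, not part of jeffce's post or of any tool the thread mentions: a PowerShell script that audits the Internet Explorer settings from tips 1 and 2 above by reading the per-user registry values the Internet Options dialog writes, and optionally applies them. The action-code-to-setting mapping (1001, 1004, 1201, 1607, 1800, 1804, 2500) and the 0/1/3 value meanings are taken from Microsoft's documented URL security zone registry layout; treat them as an assumption to verify against the dialog on your own machine before trusting the report.

```powershell
# Added example (not from the original thread): audits the IE zone settings
# recommended in the post above and can apply them with -Fix.
# Assumption: action codes and value meanings follow Microsoft's documented
# URL security zone registry layout (0 = Enable, 1 = Prompt, 3 = Disable).
# Zone numbers: 1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted sites.
$ZonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Recommended values for the Internet zone (zone 3), as listed in tip 1.
$InternetZoneWanted = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}

# Protected Mode (tip 2) is action 2500; 0 = On. Only meaningful on Vista and
# later with UAC enabled; on XP the value is ignored.
$ProtectedModeAction = '2500'

function Get-ZoneSetting {
    param([int]$Zone, [string]$Action)
    $key  = Join-Path $ZonesKey $Zone
    $item = Get-ItemProperty -Path $key -Name $Action -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # value absent: IE uses the zone's built-in default
    return [int]$item.$Action
}

function Test-IEZoneHardening {
    param([switch]$Fix)
    $findings = @()

    foreach ($action in $InternetZoneWanted.Keys) {
        $want = $InternetZoneWanted[$action].Want
        $have = Get-ZoneSetting -Zone 3 -Action $action
        if ($have -ne $want) {
            $findings += [pscustomobject]@{
                Zone = 3; Action = $action
                Setting = $InternetZoneWanted[$action].Name
                Current = $have; Wanted = $want
            }
            if ($Fix) {
                Set-ItemProperty -Path (Join-Path $ZonesKey 3) -Name $action -Value $want -Type DWord
            }
        }
    }

    # Tip 2 asks for Protected Mode in all four zones, so check each one.
    foreach ($zone in 1, 2, 3, 4) {
        $have = Get-ZoneSetting -Zone $zone -Action $ProtectedModeAction
        if ($have -ne 0) {
            $findings += [pscustomobject]@{
                Zone = $zone; Action = $ProtectedModeAction
                Setting = 'Enable Protected Mode'; Current = $have; Wanted = 0
            }
            if ($Fix) {
                Set-ItemProperty -Path (Join-Path $ZonesKey $zone) -Name $ProtectedModeAction -Value 0 -Type DWord
            }
        }
    }
    return $findings
}

# Report only; run Test-IEZoneHardening -Fix to write the recommended values,
# then restart Internet Explorer so the new settings take effect.
$drift = Test-IEZoneHardening
if (@($drift).Count -eq 0) { 'All checked zone settings match the recommended values.' }
else { $drift | Format-Table -AutoSize }
```

Two caveats: a missing value is reported as Current = (blank) because IE then falls back to the zone's built-in default rather than to the value you want, so it still counts as drift; and if Group Policy has set "Security Zones: Use only machine settings", the HKCU values this script reads and writes are ignored and the same keys under HKLM are the ones that matter.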

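Added example, not from jeffce's post or from the MVPS project: a PowerShell parser for the hosts file format that tip 7 recommends, written to catch the opposite of what a block list does. A legitimate custom hosts file only ever sinks names to a local address (0.0.0.0, 127.0.0.1 or ::1); a hijacker plants entries that point real names, typically update or security-vendor domains, at an address the attacker controls. The sample hosts content, the 192.0.2.10 address and the watch-domain list below are constructed for illustration.

```powershell
# Added example (not from the original thread): flags hosts-file entries that
# redirect a name to a real address instead of sinking it locally.
# Sample content below is constructed; the live file is commented at the end.
$SinkholeAddresses = @('0.0.0.0', '127.0.0.1', '::1')

function Get-HostsEntries {
    param([string[]]$Lines)
    $entries = @()
    $lineNo  = 0
    foreach ($raw in $Lines) {
        $lineNo++
        $line = ($raw -split '#', 2)[0].Trim()   # drop trailing comments
        if (-not $line) { continue }            # blank or comment-only line
        $fields = $line -split '\s+'
        if ($fields.Count -lt 2) { continue }   # malformed: address without a name
        # One address may be followed by several names on the same line.
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $entries += [pscustomobject]@{
                Line = $lineNo; Address = $fields[0]; Name = $name.ToLower()
            }
        }
    }
    return $entries
}

function Find-SuspiciousHostsEntries {
    param([string[]]$Lines, [string[]]$WatchDomains)
    $suspicious = @()
    foreach ($e in (Get-HostsEntries -Lines $Lines)) {
        if ($e.Name -eq 'localhost') { continue }             # loopback entry is expected
        if ($SinkholeAddresses -contains $e.Address) { continue }  # normal block-list entry
        # Anything else is a redirect; a redirect of a watched domain (or a
        # subdomain of one) is the classic "you can no longer update" hijack.
        $watched  = $WatchDomains | Where-Object { $e.Name -eq $_ -or $e.Name.EndsWith(".$_") }
        $severity = if ($watched) { 'HIGH: watched domain redirected' } else { 'MEDIUM: redirect' }
        $suspicious += [pscustomobject]@{
            Line = $e.Line; Name = $e.Name; Address = $e.Address; Severity = $severity
        }
    }
    return $suspicious
}

# Constructed sample: an MVPS-style block list with two planted redirects.
$sampleHosts = @'
# Custom hosts file (constructed sample)
127.0.0.1 localhost
0.0.0.0 ad.doubleclick.net
0.0.0.0 adserver.mediaplex.com  www.tracker.example
0.0.0.0 banner.example   # comment after the entry
192.0.2.10 www.update.microsoft.com
192.0.2.10 liveupdate.symantec.com
'@ -split "`r?`n"

$watch = @('microsoft.com', 'windowsupdate.com', 'symantec.com', 'norton.com', 'spybot.info')
Find-SuspiciousHostsEntries -Lines $sampleHosts -WatchDomains $watch | Format-Table -AutoSize

# Live check of the real file on this machine:
# Find-SuspiciousHostsEntries -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts") -WatchDomains $watch
```

On the sample above the two 192.0.2.10 lines are reported as HIGH and nothing else is reported. The DNS Client service that tip 7 says to disable can be inspected with `Get-Service -Name Dnscache`; the reason for disabling it is that the service caches every hosts entry, and a list of tens of thousands of names makes lookups noticeably slower while it is running.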
cosmic1
2011-09-23, 12:52
Hi, Jeff.
I did the OTL cleanup, and that ran well. I will definitely read the articles that you suggested. I don't really use Internet Explorer; I primarily use Firefox and sometimes Chrome. Are there ways I can make them more secure? Also, I use Norton as security, firewall, etc. There was a brief period of time when I did not have it, so maybe that's when I got infected. I've been using Spybot Search and Destroy for years, and don't think I will stop any time soon. It is a great program.
You have pretty much solved my problem with great satisfaction. Can you tell me what I was infected with, and when and how if possible? I would really like to have as much information as possible.
Thank you very much for all of your help. You have been patient and gracious every step of the way. I could not have done this without you, and I can't thank you enough. :thanks:

jeffce
2011-09-23, 15:48
Hi cosmic1,

Glad that I could be of help. :)
----------


"I don't really use Internet Explorer; I primarily use Firefox and sometimes Chrome. Are there ways I can make them more secure?"

We keep Internet Explorer up to date because that is the browser that Windows uses for updates.
I use Firefox myself and I use two plugins to help with securing the browser... NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/) and AdBlock (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/).
With Chrome there are two plugins that I would recommend that do the same as the ones I suggested for Firefox. They are called NotScript (https://chrome.google.com/webstore/detail/odjhifogjcknibkahlpidmdajjpkkcfn) and AdBlock (https://chrome.google.com/webstore/detail/cfhdojbkjhnklbpkdaibdccddilifddb?hc=search&hcp=main).
----------


"Can you tell me what I was infected with, and when and how if possible?"

You had a few entries that were malware/adware, but nothing major luckily. Just keep your software up-to-date and that should really help. Some of the reading that I have provided will help as well.
----------

It was nice working with you. :) If you don't have any more questions we can probably close this out.

cosmic1
2011-09-24, 03:33
Hi, Jeff.
You can definitely close out the case. It was nice working with you, too. Thanks for all of your help. :)

jeffce
2011-09-24, 03:38
:greeting: You are quite welcome.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.