Infected with Live Security Platinum



bluefishbeagle
2012-08-02, 04:20
Hello,

Cannot run DDS logs or back up the registry. Blocks all attempts. Have not tried safe mode. Posting this only after many attempts to block your site.

What's next? Thank you in advance.

ken545
2012-08-06, 19:29
Welcome!


You didn't say, but if you don't have Malwarebytes installed, use a known clean computer to download it and then transfer it by disk or thumb drive to this infected one and install it.

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report, please.





Then run it this way

Go to Start > All Programs > Malwarebytes Antimalware > Tools > Malwarebytes Antimalware Chameleon and it will take you to this page:
http://i24.photobucket.com/albums/c30/ken545/ChameleonPic.jpg

Then click on the first link to run Malwarebytes, and if it won't run, try the next one until one of them runs.

bluefishbeagle
2012-08-06, 20:07
Yes, I have Malwarebytes, but any attempts to scan are stopped. It tries to redirect me to their site to download software.

bluefishbeagle
2012-08-06, 20:15
I will try the second method as soon as I get back to the infected computer this evening. Thank you.

bluefishbeagle
2012-08-07, 02:53
On reboot this evening things have settled down; I don't know why, except that Norton may have removed some items automatically.

I was able to run Malwarebytes; here's the log. Nothing was found.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.26.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Hassel :: HOME-518208A0B2 [administrator]

8/6/2012 7:31:54 PM
mbam-log-2012-08-06 (19-31-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188054
Time elapsed: 19 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ken545
2012-08-07, 03:24
See if you can run these and post both logs, please.

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
http://public.avast.com/~gmerek/aswMBR2.png




OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
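aswMBR also writes the raw boot sector it examined to MBR.dat beside its log, which lets the partition line and "default MBR code" verdict it prints be cross-checked offline. The script below is an added example for this thread, not part of aswMBR or any post here. It assumes the first 512 bytes of MBR.dat are the boot sector (standard MBR layout: 440 bytes of boot code, disk signature, four 16-byte partition entries, 0x55AA signature); the built-in sample MBR, a single active NTFS partition at LBA 63, is constructed for the example and is an assumption, as is the disk size used for the bounds check. No known-good boot-code hash is asserted; the fingerprint is there to compare against a reference the analyst keeps.

```python
"""Offline parse of the raw MBR that aswMBR saves as MBR.dat.
Added example for this thread, not aswMBR code. Layout constants are the
standard MBR format; the sample MBR and disk size below are constructed."""
import hashlib
import struct
import sys

SECTOR = 512
BOOTSTRAP_LEN = 440          # boot code; bytes 440-443 hold the NT disk signature
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"

# Partition type bytes an analyst meets on a Windows XP era disk.
PARTITION_TYPES = {
    0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
    0x0F: "Extended (LBA)", 0x82: "Linux swap", 0x83: "Linux",
}


def parse_mbr(data):
    """Return the non-empty partition entries of the first sector as dicts."""
    mbr = bytes(data[:SECTOR])
    if len(mbr) < SECTOR:
        raise ValueError("need %d bytes, got %d" % (SECTOR, len(mbr)))
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", mbr, off)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        parts.append({
            "index": i + 1,
            "status": status,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown 0x%02x" % ptype),
            "lba_start": lba_start,
            "sectors": sectors,
            # aswMBR prints whole MB, so integer division matches its output
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return parts


def bootstrap_fingerprint(data):
    """SHA-256 of the boot code only (disk signature and table excluded), so the
    value can be compared across machines or against a reference the analyst keeps."""
    return hashlib.sha256(bytes(data[:BOOTSTRAP_LEN])).hexdigest()


def check_table(parts, disk_sectors):
    """Consistency checks a hand-edited partition table tends to fail."""
    issues = []
    if sum(1 for p in parts if p["bootable"]) != 1:
        issues.append("expected exactly one active partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            issues.append("partition %d has invalid status byte 0x%02x" % (p["index"], p["status"]))
        if p["lba_start"] + p["sectors"] > disk_sectors:
            issues.append("partition %d runs past the end of the disk" % p["index"])
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            issues.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return issues


def build_sample_mbr():
    """Constructed 512-byte MBR: one active NTFS partition at LBA 63 spanning
    78124032 sectors (38146 MB). Boot code area is zero-filled, unlike a real MBR."""
    mbr = bytearray(SECTOR)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        63, 78124032)
    mbr[PART_TABLE_OFFSET:PART_TABLE_OFFSET + PART_ENTRY_SIZE] = entry
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


SAMPLE_DISK_SECTORS = 38154 * 2048  # a 38154 MB disk in 512-byte sectors (assumption)

if __name__ == "__main__":
    # usage: python mbr_check.py [MBR.dat] [disk_size_in_sectors]
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    disk_sectors = int(sys.argv[2]) if len(sys.argv) > 2 else SAMPLE_DISK_SECTORS
    parts = parse_mbr(data)
    for p in parts:
        print("Partition %d %s type 0x%02x %s %d MB offset %d" % (
            p["index"], "active" if p["bootable"] else "inactive",
            p["type"], p["type_name"], p["size_mb"], p["lba_start"]))
    print("bootstrap sha256:", bootstrap_fingerprint(data))
    for issue in check_table(parts, disk_sectors):
        print("WARNING:", issue)
```

Run it against the saved MBR.dat (and the disk's sector count, if known) and compare the partition line with what aswMBR printed; a mismatch between the two, or any warning, means the table aswMBR saw and the one on disk disagree and the sector should be looked at by hand.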

bluefishbeagle
2012-08-07, 03:25
Now able to run DDS. Here it is:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Hassel at 20:02:39 on 2012-08-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.498 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
svchost.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.prisonplanet.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.2.3\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [Drag'n Drop CD] c:\program files\drag'n drop cd\binfiles\DragDrop.exe /StartUp
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\hassel\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-31 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120805.001\IDSXpx86.sys [2012-8-6 369632]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120806.002\NAVENG.SYS [2012-8-6 87928]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120806.002\NAVEX15.SYS [2012-8-6 1589752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-22 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-4-5 158856]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-22 136176]
S3 PRISM;Intersil PRISM Wireless LAN Driver;c:\windows\system32\drivers\PRISMNDS.sys [2012-1-21 51200]
.
=============== Created Last 30 ================
.
2012-08-02 00:16:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-02 00:16:44 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-07-31 14:34:23 -------- d-----w- c:\documents and settings\all users\application data\6F638BDF02AC3060A3E4F6637B07D287
2012-07-26 07:29:43 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-07-26 07:29:43 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-07-26 07:29:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-07-26 07:29:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-07-26 07:29:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-07-26 07:29:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-07-26 07:29:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-07-16 21:17:56 331384 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys
2012-07-16 21:17:55 744568 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symefa.sys
2012-07-16 21:17:55 369784 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symtdi.sys
2012-07-16 21:17:55 299640 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symnets.sys
2012-07-16 21:17:54 516216 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtsp.sys
2012-07-16 21:17:54 50168 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtspx.sys
2012-07-16 21:17:54 340088 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symds.sys
2012-07-16 21:17:53 136312 ----a-r- c:\windows\system32\drivers\n360\0502020.003\ironx86.sys
2012-07-16 21:16:27 -------- d-----w- c:\windows\system32\drivers\n360\0502020.003
.
==================== Find3M ====================
.
2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 20:04:14.18 ===============

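The DDS log above is read by eye in this thread. As an added example, not DDS output and not anything posted here, the script below splits a DDS log into its "=====" sections and applies a few review heuristics to the Pseudo HJT Report and Created Last 30 sections. The sample excerpt is constructed from lines of the log above with most lines dropped; the rules (orphaned "No File" entries, autoruns written without a full path, hosts overrides, 32-hex-digit directory names under shared application data) are the editor's assumptions about what merits a second look. The script flags entries for review; it does not call anything malicious, and benign software trips some of these rules.

```python
"""Mechanical first pass over a DDS log: split it into sections and flag
entries worth a manual look. Added example for this thread, not a DDS feature;
every rule is a review heuristic (assumption), not a malware verdict."""
import re

# Constructed excerpt modelled on the DDS log posted above, most lines dropped.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.prisonplanet.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
Hosts: 127.0.0.1 www.spywareinfo.com
.
=============== Created Last 30 ================
.
2012-08-02 00:16:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-31 14:34:23 -------- d-----w- c:\documents and settings\all users\application data\6F638BDF02AC3060A3E4F6637B07D287
2012-07-26 07:29:43 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
.
============= FINISH: 20:04:14.18 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
ABS_PATH_RE = re.compile(r'^"?[a-z]:\\', re.IGNORECASE)   # optional quote, drive letter
HEX_DIR_RE = re.compile(r"\\[0-9a-f]{32}$", re.IGNORECASE)  # last path component is 32 hex digits


def split_sections(text):
    """Map each '=== Title ===' header to the non-empty lines under it ('.' is DDS padding)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def triage(text):
    """Return (rule, line) pairs in log order for an analyst to review."""
    findings = []
    sections = split_sections(text)
    for line in sections.get("Pseudo HJT Report", []):
        if line.endswith("- No File"):
            # registry still references a BHO/toolbar whose file is gone:
            # leftover of an uninstall or of a removal that did not clean up
            findings.append(("orphan-entry", line))
        run = RUN_RE.match(line)
        if run and not ABS_PATH_RE.match(run.group("cmd")):
            # an autorun without a drive letter resolves through the search path,
            # so a same-named file placed earlier on that path would run instead
            findings.append(("relative-autorun", line))
        if line.startswith("Hosts:"):
            # listed, not judged: immunisation tools write hosts entries too
            findings.append(("hosts-override", line))
    for line in sections.get("Created Last 30", []):
        if " d-----w- " in line and HEX_DIR_RE.search(line):
            # a directory named as a bare 32-hex-digit string is unusual
            # for legitimate installers and worth opening up
            findings.append(("hex-named-dir", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_DDS):
        print("%-17s %s" % (rule, line))
```

Feed it the full pasted log instead of the sample and read the flagged lines alongside the rest of the report; the rules are deliberately narrow so that the output stays short enough to check by hand.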

ken545
2012-08-07, 03:34
OK, let's see aswMBR and OTL.

bluefishbeagle
2012-08-07, 23:28
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-07 15:50:49
-----------------------------
15:50:49.798 OS Version: Windows 5.1.2600 Service Pack 3
15:50:49.798 Number of processors: 1 586 0x905
15:50:49.798 ComputerName: HOME-518208A0B2 UserName: Hassel
15:50:50.830 Initialize success
15:50:57.580 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:50:57.590 Disk 0 Vendor: HITACHI_DK23EA-40 00K3A0A6 Size: 38154MB BusType: 3
15:50:57.610 Disk 0 MBR read successfully
15:50:57.610 Disk 0 MBR scan
15:50:57.610 Disk 0 Windows XP default MBR code
15:50:57.610 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38146 MB offset 63
15:50:57.630 Disk 0 scanning sectors +78124095
15:50:57.740 Disk 0 scanning C:\WINDOWS\system32\drivers
15:51:20.723 Service scanning
15:51:56.404 Modules scanning
15:52:18.196 Disk 0 trace - called modules:
15:52:18.246 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
15:52:18.246 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8638b1f0]
15:52:18.246 3 CLASSPNP.SYS[f766afd7] -> nt!IofCallDriver -> \Device\0000007a[0x863caf18]
15:52:18.576 5 ACPI.sys[f75c1620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x863c9940]
15:52:18.576 Scan finished successfully
15:52:41.229 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Hassel\Desktop\MBR.dat"
15:52:41.259 The log file has been saved successfully to "C:\Documents and Settings\Hassel\Desktop\aswMBR.txt"


**********************************************

OTL Extras logfile created on: 8/7/2012 4:19:53 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Hassel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.48 Mb Total Physical Memory | 666.34 Mb Available Physical Memory | 65.68% Memory free
2.39 Gb Paging File | 2.09 Gb Available in Paging File | 87.59% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 26.78 Gb Free Space | 71.89% Space Free | Partition Type: NTFS

Computer Name: HOME-518208A0B2 | User Name: Hassel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{2283B4E3-B953-11D6-B1DF-00000E5F1C10}" = LifeBook Application Panel
"{24CF0DBF-FF47-42E5-A13F-1D4D773E8AC7}" = Security Panel Application
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2FBF04DC-404C-4FA4-BA28-99903080D2B9}" = Magnifier Powertoy for Windows XP
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup for Realtek RTL8139/810x Family NIC 3.00
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9B690E75-4B22-46EC-8DAE-A4CF7688F05C}" = PRISM 11Mbps Wireless LAN for Windows
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C4A6405B-F37D-42F7-B317-D277BBD47D15}" = Drag'n Drop CD
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EmailStripper_is1" = EmailStripper 2.2
"ERUNT_is1" = ERUNT 1.1j
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton Security Suite
"OnlineBible" = Online Bible 12.13.01
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-796845957-813497703-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OnlineBible" = Online Bible 12.13.01

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2012 7:55:01 PM | Computer Name = HOME-518208A0B2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/11/2012 7:55:21 PM | Computer Name = HOME-518208A0B2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/28/2012 11:40:27 PM | Computer Name = HOME-518208A0B2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/28/2012 11:40:52 PM | Computer Name = HOME-518208A0B2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/31/2012 11:10:36 AM | Computer Name = HOME-518208A0B2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 7/31/2012 11:12:16 AM | Computer Name = HOME-518208A0B2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 7/31/2012 11:13:29 AM | Computer Name = HOME-518208A0B2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 7/31/2012 11:13:32 AM | Computer Name = HOME-518208A0B2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/31/2012 11:13:35 AM | Computer Name = HOME-518208A0B2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/31/2012 11:23:58 AM | Computer Name = HOME-518208A0B2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 8/1/2012 10:01:34 PM | Computer Name = HOME-518208A0B2 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 8/1/2012 10:01:34 PM | Computer Name = HOME-518208A0B2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi

Error - 8/1/2012 10:02:46 PM | Computer Name = HOME-518208A0B2 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/1/2012 10:02:46 PM | Computer Name = HOME-518208A0B2 | Source = Service Control Manager | ID = 7034
Description = The Skype Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 8/6/2012 7:56:47 PM | Computer Name = HOME-518208A0B2 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 8/6/2012 7:56:47 PM | Computer Name = HOME-518208A0B2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi

Error - 8/6/2012 8:59:31 PM | Computer Name = HOME-518208A0B2 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 8/6/2012 8:59:31 PM | Computer Name = HOME-518208A0B2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi

Error - 8/7/2012 4:40:35 PM | Computer Name = HOME-518208A0B2 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 8/7/2012 4:40:35 PM | Computer Name = HOME-518208A0B2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi


< End of report >

***********************************

OTL logfile created on: 8/7/2012 4:19:53 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Hassel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.48 Mb Total Physical Memory | 666.34 Mb Available Physical Memory | 65.68% Memory free
2.39 Gb Paging File | 2.09 Gb Available in Paging File | 87.59% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 26.78 Gb Free Space | 71.89% Space Free | Partition Type: NTFS

Computer Name: HOME-518208A0B2 | User Name: Hassel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Hassel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
PRC - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
PRC - C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe ()
PRC - C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
MOD - C:\Program Files\Drag'n Drop CD\BinFiles\DDCDRES.dll ()
MOD - C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe ()
MOD - C:\Program Files\Drag'n Drop CD\BinFiles\ezID3.dll ()
MOD - C:\Program Files\Drag'n Drop CD\BinFiles\ezLICEN1.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (N360) -- C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (Cdrom) -- system32\DRIVERS\cdrom.sys File not found
DRV - (aswMBR) -- C:\DOCUME~1\Hassel\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120807.002\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120807.002\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120803.001\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120807.001\IDSXpx86.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\N360\0502020.003\symtdi.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\N360\0502020.003\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\N360\0502020.003\srtspx.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0502020.003\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0502020.003\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0502020.003\ironx86.sys (Symantec Corporation)
DRV - (w70n51) -- C:\WINDOWS\system32\drivers\w70n51.sys (Intel® Corporation)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (BtnHnd) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys (FUJITSU LIMITED)
DRV - (PRISM) -- C:\WINDOWS\system32\drivers\PRISMNDS.sys (Intersil Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (FUJ02B1) -- C:\WINDOWS\system32\drivers\fuj02b1.sys (FUJITSU LIMITED)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-796845957-813497703-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.prisonplanet.com/
IE - HKU\S-1-5-21-796845957-813497703-854245398-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-796845957-813497703-854245398-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-796845957-813497703-854245398-1003\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=FBBAD63001CCD918001F4719&install_time=2012-01-22T15:17:45Z&src_id=30305&camp_id=3534&tb_version=1.1.3001.0(B)
IE - HKU\S-1-5-21-796845957-813497703-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/08 18:47:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_10_1 [2012/08/07 15:40:21 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/08/01 19:22:18 | 000,443,791 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15245 more lines...
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-796845957-813497703-854245398-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-796845957-813497703-854245398-1003\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-796845957-813497703-854245398-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe ()
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
O4 - Startup: C:\Documents and Settings\Hassel\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-813497703-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2C4C5F5-88A0-4209-A9DC-4E8EB5912242}: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Hassel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hassel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/21 07:25:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: ieudonce - (C:\WINDOWS\system32\regiasks.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/07 16:18:30 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hassel\Desktop\OTL.exe
[2012/08/06 19:59:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/08/06 19:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/08/06 19:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/08/01 21:09:42 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Hassel\Desktop\erunt-setup.exe
[2012/08/01 19:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/08/01 19:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/08/01 19:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/08/01 19:06:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/07/31 09:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\6F638BDF02AC3060A3E4F6637B07D287
[2012/07/26 02:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/07/26 02:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/07/26 02:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/07 16:18:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hassel\Desktop\OTL.exe
[2012/08/07 16:10:58 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/07 15:52:41 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Hassel\Desktop\MBR.dat
[2012/08/07 15:40:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/07 15:39:54 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/07 15:39:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/06 20:23:25 | 000,004,035 | ---- | M] () -- C:\Documents and Settings\Hassel\Desktop\attach.zip
[2012/08/06 19:20:55 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Hassel\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/06 19:20:50 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Hassel\Desktop\NTREGOPT.lnk
[2012/08/06 19:20:50 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Hassel\Desktop\ERUNT.lnk
[2012/08/01 21:09:46 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Hassel\Desktop\erunt-setup.exe
[2012/08/01 19:22:18 | 000,443,791 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/01 19:21:08 | 000,443,791 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120801-192217.backup
[2012/08/01 19:17:12 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Hassel\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/01 19:17:12 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Hassel\Desktop\Spybot - Search & Destroy.lnk
[2012/07/26 02:29:08 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/07/25 22:50:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/20 10:37:37 | 005,274,029 | ---- | M] () -- C:\Documents and Settings\Hassel\Desktop\IMG_0904.MOV
[2012/07/17 10:53:29 | 000,002,010 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2012/07/17 10:52:23 | 000,658,246 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0502020.003\Cat.DB
[2012/07/16 09:57:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 15:42:05 | 000,110,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 20:25:32 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0502020.003\isolate.ini
[2012/07/10 21:26:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/07 15:52:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Hassel\Desktop\MBR.dat
[2012/08/06 20:23:25 | 000,004,035 | ---- | C] () -- C:\Documents and Settings\Hassel\Desktop\attach.zip
[2012/08/06 19:20:54 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Hassel\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/06 19:20:50 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Hassel\Desktop\NTREGOPT.lnk
[2012/08/06 19:20:49 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Hassel\Desktop\ERUNT.lnk
[2012/08/01 19:17:12 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Hassel\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/01 19:17:12 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Hassel\Desktop\Spybot - Search & Destroy.lnk
[2012/07/26 02:29:06 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/07/20 10:37:37 | 005,274,029 | ---- | C] () -- C:\Documents and Settings\Hassel\Desktop\IMG_0904.MOV
[2012/05/31 10:08:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/14 13:39:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/21 18:45:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2012/01/21 18:45:30 | 000,001,319 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2012/01/21 10:33:20 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2012/01/21 07:48:54 | 000,032,768 | ---- | C] () -- C:\WINDOWS\priunins.exe
[2012/01/21 07:29:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/21 07:21:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/21 01:11:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/21 01:09:36 | 000,110,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/07/31 09:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\6F638BDF02AC3060A3E4F6637B07D287
[2012/03/06 19:58:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/01/21 21:11:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2012/01/21 21:11:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2012/03/06 19:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HardwareHelper
[2012/07/21 21:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hassel\Application Data\Canon Easy-WebPrint EX
[2012/01/21 18:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hassel\Application Data\Drag'n Drop CD

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB19915$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

ken545
2012-08-08, 00:21
Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:processes
killallprocesses

:OTL
[2012/08/01 19:21:08 | 000,443,791 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120801-192217.backup


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

bluefishbeagle
2012-08-08, 02:42
Done:

All processes killed
========== PROCESSES ==========
========== OTL ==========
C:\WINDOWS\system32\drivers\etc\hosts.20120801-192217.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Hassel\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Hassel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error creating restore point.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 180224 bytes
->Temporary Internet Files folder emptied: 74512 bytes
->Flash cache emptied: 56475 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Hassel
->Temp folder emptied: 28667703 bytes
->Temporary Internet Files folder emptied: 47668240 bytes
->Java cache emptied: 648703 bytes
->Flash cache emptied: 48238 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 48385587 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2196425 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 115171 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 135295675 bytes

Total Files Cleaned = 251.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08072012_193242

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Hassel\Local Settings\Temp\~DF980C.tmp not found!
File\Folder C:\Documents and Settings\Hassel\Local Settings\Temp\~DF981C.tmp not found!
File\Folder C:\Documents and Settings\Hassel\Local Settings\Temp\~DF98EC.tmp not found!
File\Folder C:\Documents and Settings\Hassel\Local Settings\Temp\~DF9907.tmp not found!
File\Folder C:\Documents and Settings\Hassel\Local Settings\Temp\~DF99F8.tmp not found!
File\Folder C:\Documents and Settings\Hassel\Local Settings\Temp\~DF9A08.tmp not found!
C:\Documents and Settings\Hassel\Local Settings\Temporary Internet Files\Content.IE5\V3HSDY3X\showthread[1].htm moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_f0.dat not found!

PendingFileRenameOperations files...
File C:\Documents and Settings\Hassel\Local Settings\Temp\~DF980C.tmp not found!
File C:\Documents and Settings\Hassel\Local Settings\Temp\~DF981C.tmp not found!
File C:\Documents and Settings\Hassel\Local Settings\Temp\~DF98EC.tmp not found!
File C:\Documents and Settings\Hassel\Local Settings\Temp\~DF9907.tmp not found!
File C:\Documents and Settings\Hassel\Local Settings\Temp\~DF99F8.tmp not found!
File C:\Documents and Settings\Hassel\Local Settings\Temp\~DF9A08.tmp not found!
File C:\Documents and Settings\Hassel\Local Settings\Temporary Internet Files\Content.IE5\V3HSDY3X\showthread[1].htm not found!
File C:\WINDOWS\temp\Perflib_Perfdata_f0.dat not found!

Registry entries deleted on Reboot...

ken545
2012-08-08, 02:48
Great,

How are things running now ?

Go ahead and run a new scan with OTL and post a new log please

bluefishbeagle
2012-08-08, 03:12
OTL logfile created on: 8/7/2012 8:01:47 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Hassel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.48 Mb Total Physical Memory | 285.95 Mb Available Physical Memory | 28.19% Memory free
2.39 Gb Paging File | 1.78 Gb Available in Paging File | 74.63% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 28.52 Gb Free Space | 76.55% Space Free | Partition Type: NTFS

Computer Name: HOME-518208A0B2 | User Name: Hassel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Hassel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
PRC - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
PRC - C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe ()
PRC - C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
MOD - C:\Program Files\Drag'n Drop CD\BinFiles\DDCDRES.dll ()
MOD - C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe ()
MOD - C:\Program Files\Drag'n Drop CD\BinFiles\ezID3.dll ()
MOD - C:\Program Files\Drag'n Drop CD\BinFiles\ezLICEN1.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (N360) -- C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (Cdrom) -- system32\DRIVERS\cdrom.sys File not found
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120807.002\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120807.002\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120803.001\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120807.001\IDSXpx86.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\N360\0502020.003\symtdi.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\N360\0502020.003\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\N360\0502020.003\srtspx.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0502020.003\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0502020.003\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0502020.003\ironx86.sys (Symantec Corporation)
DRV - (w70n51) -- C:\WINDOWS\system32\drivers\w70n51.sys (Intel® Corporation)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (BtnHnd) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys (FUJITSU LIMITED)
DRV - (PRISM) -- C:\WINDOWS\system32\drivers\PRISMNDS.sys (Intersil Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (FUJ02B1) -- C:\WINDOWS\system32\drivers\fuj02b1.sys (FUJITSU LIMITED)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.prisonplanet.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=FBBAD63001CCD918001F4719&install_time=2012-01-22T15:17:45Z&src_id=30305&camp_id=3534&tb_version=1.1.3001.0(B)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/08 18:47:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_10_1 [2012/08/07 19:37:24 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/08/07 19:32:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe ()
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
O4 - Startup: C:\Documents and Settings\Hassel\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2C4C5F5-88A0-4209-A9DC-4E8EB5912242}: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Hassel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hassel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/21 07:25:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: ieudonce - (C:\WINDOWS\system32\regiasks.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/07 19:32:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/07 16:18:30 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hassel\Desktop\OTL.exe
[2012/08/06 19:59:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/08/06 19:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/08/06 19:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/08/01 21:09:42 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Hassel\Desktop\erunt-setup.exe
[2012/08/01 19:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/08/01 19:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/08/01 19:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/08/01 19:06:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/07/31 09:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\6F638BDF02AC3060A3E4F6637B07D287
[2012/07/26 02:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/07/26 02:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/07/26 02:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

========== Files - Modified Within 30 Days ==========

[2012/08/07 19:37:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/07 19:36:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/07 19:36:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/07 19:32:48 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/08/07 16:18:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hassel\Desktop\OTL.exe
[2012/08/07 16:10:58 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/07 15:52:41 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Hassel\Desktop\MBR.dat
[2012/08/06 20:23:25 | 000,004,035 | ---- | M] () -- C:\Documents and Settings\Hassel\Desktop\attach.zip
[2012/08/06 19:20:55 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Hassel\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/06 19:20:50 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Hassel\Desktop\NTREGOPT.lnk
[2012/08/06 19:20:50 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Hassel\Desktop\ERUNT.lnk
[2012/08/01 21:09:46 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Hassel\Desktop\erunt-setup.exe
[2012/08/01 19:17:12 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Hassel\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/01 19:17:12 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Hassel\Desktop\Spybot - Search & Destroy.lnk
[2012/07/26 02:29:08 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/07/25 22:50:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/20 10:37:37 | 005,274,029 | ---- | M] () -- C:\Documents and Settings\Hassel\Desktop\IMG_0904.MOV
[2012/07/17 10:53:29 | 000,002,010 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2012/07/17 10:52:23 | 000,658,246 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0502020.003\Cat.DB
[2012/07/16 09:57:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 15:42:05 | 000,110,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 20:25:32 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0502020.003\isolate.ini
[2012/07/10 21:26:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/08/07 15:52:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Hassel\Desktop\MBR.dat
[2012/08/06 20:23:25 | 000,004,035 | ---- | C] () -- C:\Documents and Settings\Hassel\Desktop\attach.zip
[2012/08/06 19:20:54 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Hassel\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/06 19:20:50 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Hassel\Desktop\NTREGOPT.lnk
[2012/08/06 19:20:49 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Hassel\Desktop\ERUNT.lnk
[2012/08/01 19:17:12 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Hassel\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/01 19:17:12 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Hassel\Desktop\Spybot - Search & Destroy.lnk
[2012/07/26 02:29:06 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/07/20 10:37:37 | 005,274,029 | ---- | C] () -- C:\Documents and Settings\Hassel\Desktop\IMG_0904.MOV
[2012/05/31 10:08:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/14 13:39:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/21 18:45:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2012/01/21 18:45:30 | 000,001,319 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2012/01/21 10:33:20 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2012/01/21 07:48:54 | 000,032,768 | ---- | C] () -- C:\WINDOWS\priunins.exe
[2012/01/21 07:29:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/21 07:21:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/21 01:11:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/21 01:09:36 | 000,110,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB19915$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

bluefishbeagle
2012-08-08, 03:14
Things seem normal. No abnormalities detected.

ken545
2012-08-08, 10:22
Good,

Just missed this one, it's a quick fix


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=FBBAD63001CCD918001F4719&install_time=2012-01-22T15:17:45Z&src_id=30305&camp_id=3534&tb_version=1.1.3001.0(B)


:Services

:Reg

:Files

:Commands
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces




Your Java is out of date and leaving your system vulnerable

Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 7 Update 5


If not click on the update tab and let it update.

Then go into your Control Panel> Add Remove Programs and uninstall all previous versions

Let me know how it all went
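The fix above removes the alot.com search scope that the earlier OTL scan listed next to the default live.com one. As an added example that is not part of this thread, here is a small Python triage script for OTL scan output that flags the same kinds of lines a helper looks for: a SearchScopes URL pointing at a host outside a trusted list (the list here is an assumption), persistence entries that end in "File not found" (such as the AppCertDlls entry for regiasks.dll), and autorun entries with no company name. The sample log is constructed from the shape of the lines in the scan above, and the regexes only cover those line shapes.

```python
import re
from urllib.parse import urlparse

# Assumption (not from the thread): search providers regarded as expected on this
# machine. Any other host in a SearchScopes "URL" value is reported for review.
TRUSTED_SEARCH_HOSTS = {"search.live.com", "www.bing.com", "www.google.com"}

# OTL line prefixes for entries that load code at boot, logon or browser start.
PERSISTENCE_PREFIXES = ("O2 ", "O3 ", "O4 ", "O20 ", "O36 ", "SRV ", "DRV ")

SEARCH_SCOPE_RE = re.compile(
    r'^IE - (?P<hive>HK\w+)\\\.\.\\SearchScopes\\(?P<guid>\{[^}]+\}): "URL" = (?P<url>\S+)'
)
RUN_ENTRY_RE = re.compile(
    r"^O4 - .*\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^)]*)\)$"
)

# Constructed sample in the shape of an OTL scan log (a few lines, not a full log).
SAMPLE_LOG = r"""
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O36 - AppCertDlls: ieudonce - (C:\WINDOWS\system32\regiasks.dll) - File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
"""


def triage_otl(text):
    """Scan OTL log text and return findings as (line_no, severity, reason, line)."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue

        # Search provider hijack check: any scope URL on a non-trusted host.
        m = SEARCH_SCOPE_RE.match(line)
        if m:
            host = urlparse(m.group("url")).hostname or ""
            if host not in TRUSTED_SEARCH_HOSTS:
                findings.append((line_no, "high",
                                 f"search scope {m.group('guid')} in {m.group('hive')} "
                                 f"points at unexpected host {host}", line))
            continue

        # Persistence entry whose target is gone: orphaned loader or half-removed malware.
        if line.startswith(PERSISTENCE_PREFIXES) and line.endswith("File not found"):
            findings.append((line_no, "medium",
                             "persistence entry references a missing file "
                             "(orphaned loader or half-removed malware)", line))
            continue

        # Autorun with an empty company field: OTL shows these as "()"; confirm publisher.
        m = RUN_ENTRY_RE.match(line)
        if m and m.group("company") == "":
            findings.append((line_no, "info",
                             f"autorun [{m.group('name')}] has no company name; "
                             f"confirm the publisher of {m.group('path')}", line))
    return findings


if __name__ == "__main__":
    for line_no, severity, reason, line in triage_otl(SAMPLE_LOG):
        print(f"line {line_no:>3} [{severity:<6}] {reason}\n    {line}")
```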

bluefishbeagle
2012-08-08, 15:58
Ran the fix, installed latest Java, removed old version. Computer seems a little faster now. Here's the log:

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Hassel
->Temp folder emptied: 117659 bytes
->Temporary Internet Files folder emptied: 6682087 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 736 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16889 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 71988 bytes

Total Files Cleaned = 7.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08082012_083332

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Hassel\Local Settings\Temp\~DF8155.tmp not found!
File\Folder C:\Documents and Settings\Hassel\Local Settings\Temp\~DF819B.tmp not found!
File\Folder C:\Documents and Settings\Hassel\Local Settings\Temp\~DF822D.tmp not found!
File\Folder C:\Documents and Settings\Hassel\Local Settings\Temp\~DF8257.tmp not found!
File\Folder C:\Documents and Settings\Hassel\Local Settings\Temp\~DF8366.tmp not found!
File\Folder C:\Documents and Settings\Hassel\Local Settings\Temp\~DF8384.tmp not found!
C:\Documents and Settings\Hassel\Local Settings\Temporary Internet Files\Content.IE5\QMTHRXQQ\showthread[1].htm moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_94.dat moved successfully.

PendingFileRenameOperations files...
File C:\Documents and Settings\Hassel\Local Settings\Temp\~DF8155.tmp not found!
File C:\Documents and Settings\Hassel\Local Settings\Temp\~DF819B.tmp not found!
File C:\Documents and Settings\Hassel\Local Settings\Temp\~DF822D.tmp not found!
File C:\Documents and Settings\Hassel\Local Settings\Temp\~DF8257.tmp not found!
File C:\Documents and Settings\Hassel\Local Settings\Temp\~DF8366.tmp not found!
File C:\Documents and Settings\Hassel\Local Settings\Temp\~DF8384.tmp not found!
File C:\Documents and Settings\Hassel\Local Settings\Temporary Internet Files\Content.IE5\QMTHRXQQ\showthread[1].htm not found!
File C:\WINDOWS\temp\Perflib_Perfdata_94.dat not found!

Registry entries deleted on Reboot...

ken545
2012-08-08, 18:32
Great

This is just a double check in case we missed anything



ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

bluefishbeagle
2012-08-08, 21:49
Ran the scanner; there were no threats found and the program did not produce a log. My computer seems to be reacting normally.

ken545
2012-08-08, 23:48
:bigthumb:

Good to hear, any problems in the future please post back, if this thread is closed just start a new topic.


Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups; any programs that were not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

bluefishbeagle
2012-08-09, 06:47
Thanks so MUCH !!! :rockon:

ken545
2012-08-09, 09:54
You're very welcome

Ken :)

ken545
2012-08-11, 17:37
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.