Page 3 of 5 (results 21 to 30 of 50)

Thread: Unable to resolve trojan virtumonde.sci

#21 | Member | Join Date: Jul 2011 | Posts: 31

    Question - OTL Not Responding

    I ran OTL, which stalled. It eventually reported "not responding" in the heading. I finally had to re-boot using the momentary switch on the computer power supply. How long should I wait before doing that? Should I disable Kaspersky AV or Firewall or anything else?

#22 | Member | Join Date: Jul 2011 | Posts: 31

    OTL Report ?

    I turned off Kaspersky AV and Kaspersky Firewall.

    OTL appeared to run. It stalled on the screen showing Windows XP shutting down. I finally used the reset control on the power supply. When the system started again it produced a .log file. There was an error message on trying to attach this, so I changed the extension to .txt

#23 | Member | Join Date: Jul 2011 | Posts: 31

    New OTL.TXT - 7-14-11

    New OTL.TXT - 7-14-11

#24 | Member | Join Date: Jul 2011 | Posts: 31

    OTL.TXT 7-15-11 Part 1 of 2

    OTL logfile created on: 07/14/11 11:26:10 PM - Run 4
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\i\Programs From Internet\Virtumonde sci removal 7-10-11
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

    2.96 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 79.21% Memory free
    10.79 Gb Paging File | 10.30 Gb Available in Paging File | 95.49% Paging File free
    Paging file location(s): C:\pagefile.sys 8192 8192 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 124.71 Gb Free Space | 26.78% Space Free | Partition Type: NTFS
    Drive E: | 149.05 Gb Total Space | 11.12 Gb Free Space | 7.46% Space Free | Partition Type: NTFS
    Drive F: | 1863.01 Gb Total Space | 1729.64 Gb Free Space | 92.84% Space Free | Partition Type: NTFS

    Computer Name: TOM-2008 | User Name: Tom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\i\Programs From Internet\Virtumonde sci removal 7-10-11\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
    PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
    PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    PRC - c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
    PRC - C:\Program Files\Simpo PDF Creator\SimpoPrintSrv.exe (Simpo Technologies)
    PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab)
    PRC - C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
    PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    PRC - C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
    PRC - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
    PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
    PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
    PRC - C:\WINDOWS\system32\msfeedssync.exe (Microsoft Corporation)
    PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    PRC - C:\Program Files\Sony\SonicStage\SSAAD.exe ()
    PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
    PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
    PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
    PRC - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
    PRC - C:\Program Files\PI Engineering\X-keys\XKWdkApp.exe (P.I. Engineering, Inc.)
    PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
    PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
    PRC - C:\Program Files\Microsoft Office97\Office\OSA.EXE ()


    ========== Modules (SafeList) ==========

    MOD - C:\i\Programs From Internet\Virtumonde sci removal 7-10-11\OTL.exe (OldTimer Tools)
    MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (GEARSecurity) -- File not found
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
    SRV - (NitroDriverReadSpool) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
    SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
    SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
    SRV - (STacSV) -- c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
    SRV - (GSService) -- C:\WINDOWS\System32\GSService.exe ()
    SRV - (SMServer) -- C:\WINDOWS\System32\snmvtsvc.exe (SMServer)
    SRV - (STSService) -- C:\Program Files\SoundTaxi Media Suite\STSService.exe ()
    SRV - (astcc) -- C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
    SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    SRV - (Norton Ghost) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
    SRV - (SymSnapService) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
    SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
    SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (GameConsoleService) -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
    SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
    SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
    SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
    SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
    SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
    SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
    SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
    SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
    SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)


    ========== Driver Services (SafeList) ==========

    DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
    DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
    DRV - (SndTAudio) -- C:\WINDOWS\system32\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
    DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
    DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
    DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
    DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
    DRV - (symsnap) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys (StorageCraft)
    DRV - (SCRCAMHRDRV) -- C:\WINDOWS\system32\drivers\SCRCAMHRDRV.sys (Windows (R) Server 2003 DDK provider)
    DRV - (IntcHdmiAddService) Intel(R) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (v2imount) -- C:\WINDOWS\system32\drivers\v2imount.sys (Symantec Corporation)
    DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
    DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
    DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
    DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
    DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
    DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
    DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (VProEventMonitor) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys (Symantec Corporation)
    DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
    DRV - (hhdserial) HHD Software Serial Monitor (DMS) -- C:\WINDOWS\system32\drivers\hhdserial.sys (HHD Software Ltd.)
    DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
    DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)
    DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
    DRV - (NETMDUSB) -- C:\WINDOWS\system32\drivers\NETMD052.sys (Sony Corporation)
    DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
    DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
    DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
    DRV - (P2k) -- C:\WINDOWS\system32\drivers\P2k.sys (Motorola Inc)
    DRV - (NRKCTL32) -- C:\Program Files\WCPUID\NRKCTL32.SYS (NrkLv Group)
    DRV - (xkeysw2k) -- C:\WINDOWS\system32\drivers\XKEYSW2K.SYS (P.I. Engineering, Inc.)
    DRV - (msloop) -- C:\WINDOWS\system32\drivers\loop.sys (Microsoft Corporation)
    DRV - (TVicPort) -- C:\WINDOWS\System32\drivers\TVICPORT.SYS ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "www.googlebreak.com"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.1.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Tom\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\copytolightning@corel.com: c:\Program Files\Corel\WordPerfect Lightning\Programs\FirefoxExtension\ [2010/05/25 12:19:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/24 15:57:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/28 11:04:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/02 18:18:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/02 18:18:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/24 15:57:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/06/18 09:56:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/09/30 05:13:43 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\SearchToolbar@skywebsearch.com: C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\FF
    FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\savetubemp3@savetubemp3.net: C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\FF [2010/02/02 14:41:41 | 000,000,000 | ---D | M]

#25 | Member | Join Date: Jul 2011 | Posts: 31

    OTL.TXT 7-15-11 Part 2 of 2

    [2010/10/24 05:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions
    [2010/10/24 05:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/07/13 17:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions
    [2010/04/28 05:44:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/03/12 12:06:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/06/18 05:04:09 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2011/07/03 10:43:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/08/10 19:54:59 | 000,000,000 | ---D | M] (Nodobe Document Viewer) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\nodobe@vuzit.com
    [2010/02/02 14:42:05 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\GoogleFeed.xml
    [2011/07/13 17:48:54 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\ixquick.xml
    [2008/10/11 09:26:42 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\marketwatch.xml
    [2008/10/11 09:26:46 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\webster.xml
    [2008/10/11 09:26:56 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\wikipedia-eng.xml
    [2011/07/13 17:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/09/21 02:04:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/24 13:52:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/13 05:42:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/01 03:23:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/09 07:00:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2010/09/30 05:14:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    [2011/06/28 11:04:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
    [2010/09/21 02:04:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

    O1 HOSTS File: ([2011/07/14 22:49:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (ShowBarObjMp3 Class) - {cf59ae24-5796-44fc-9575-8d4f383c65f8} - C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\MinBHOMp3.dll ()
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (YouTube MP3 Downloader) - {f27a9a1d-6f23-442d-88c0-5dc40fd13dcd} - C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\YouTubeMP3.dll (Save Tube Video Company)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [msjavadll] C:\WINDOWS\System32\javaw.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [Norton Ghost 14.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
    O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE (Corel Corporation)
    O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [Simpo Print Server] C:\Program Files\Simpo PDF Creator\SimpoPrintSrv.exe (Simpo Technologies)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [X-keys Programming] C:\Program Files\PI Engineering\X-keys\XKWdkApp.exe (P.I. Engineering, Inc.)
    O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
    O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [PxDotNetLoader] C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
    O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
    O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE ()
    O4 - Startup: C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()
    O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
    O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
    O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
    O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - C:\Program Files\DzSoft\Favorites Search\FavSeek.dll (DzSoft Ltd)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-515967899-963894560-839522115-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
    O15 - HKU\S-1-5-21-515967899-963894560-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\x-atng {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
    O24 - Desktop WallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/10/08 03:58:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/14 20:02:35 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/07/14 18:40:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/07/14 13:29:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/07/14 13:29:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/07/14 13:29:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/07/14 13:29:13 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/07/12 09:09:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/07/12 07:09:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/07/10 12:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Virus Cleanup
    [2011/07/10 09:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
    [2011/07/10 08:55:52 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/10 08:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/07/10 08:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/07/10 08:47:50 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/07/10 08:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/07/08 19:30:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tom\Recent
    [2011/07/08 13:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Ilivid Player
    [2011/07/08 13:30:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{FDD8983C-4561-4A27-BDA7-F5286E176A8F}
    [2011/07/08 13:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iLivid
    [2011/07/08 13:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
    [2011/07/08 13:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\PackageAware
    [2011/07/05 13:21:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/07/04 20:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2011/07/04 20:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/07/03 11:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2011/07/03 11:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/07/03 11:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/06/28 13:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/06/28 13:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Start Menu\Programs\HiJackThis
    [2011/06/28 12:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\DivX
    [2011/06/27 19:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\My Documents\Exported Registry
    [2011/06/26 22:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Fidelity Investments
    [2011/06/26 22:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Fidelity Investments
    [2011/06/26 21:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wealth-Lab Pro
    [2011/06/26 18:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder
    [2011/06/25 08:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2011/06/25 08:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
    [2011/06/25 08:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
    [2011/06/25 08:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft Help
    [2011/06/25 08:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    [2011/06/23 11:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Fidelity Investments
    [2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Fidelity Investments
    [2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fidelity Investments
    [2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Crystal Decisions
    [2011/06/21 12:01:08 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2011/06/21 11:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
    [2011/06/16 03:55:48 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys

    ========== Files - Modified Within 30 Days ==========

    [2011/07/14 23:31:36 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/07/14 23:30:04 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2011/07/14 23:26:19 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{496D8042-0A62-4C91-8D5B-D46E9ED53309}.job
    [2011/07/14 23:24:45 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-963894560-839522115-1003.job
    [2011/07/14 23:24:45 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-963894560-839522115-1003.job
    [2011/07/14 23:11:25 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/07/14 23:09:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/07/14 23:08:32 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/07/14 23:08:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/14 23:08:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/14 23:08:00 | 3181,613,056 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/14 22:49:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011/07/14 14:33:11 | 000,408,918 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Dallas Gas.url
    [2011/07/13 22:11:58 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Fidelity Watchlist.url
    [2011/07/13 18:03:29 | 000,002,647 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro Beta..lnk
    [2011/07/12 13:29:53 | 000,000,400 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
    [2011/07/12 09:09:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/07/12 02:49:20 | 000,000,226 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Dallas 311 Intake.url
    [2011/07/11 13:10:54 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diskeeper 2008.lnk
    [2011/07/10 13:01:10 | 000,001,167 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Map of the Market - SmartMoney.com.url
    [2011/07/09 16:10:11 | 000,218,112 | ---- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/08 13:30:51 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
    [2011/07/08 07:10:31 | 000,064,538 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us IRS drops audits of political donors.pdf
    [2011/07/08 07:08:40 | 000,067,454 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us 08ttramsey Redistricting.pdf
    [2011/07/07 14:51:18 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/07/05 15:47:36 | 000,000,182 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Prepaid Phone News.url
    [2011/07/05 10:14:53 | 000,001,000 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/07/01 00:40:38 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 7.0.lnk
    [2011/06/29 10:37:48 | 000,000,404 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\BusinessWeek.url
    [2011/06/28 18:55:59 | 000,000,179 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Web Site Report For n5gar.com.url
    [2011/06/28 13:15:57 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\STOUFFER'S® Dinner Club.url
    [2011/06/28 07:57:16 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to taskmgr.exe.lnk
    [2011/06/27 19:19:29 | 000,002,644 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\LIVE REAL TIME SATELLITE TRACKING AND PREDICTIONS ISS (ZARYA).url
    [2011/06/27 19:01:59 | 000,000,370 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\e-Miles® Miles for Minutes®.url
    [2011/06/26 21:59:20 | 000,000,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wealth-Lab Pro 6.lnk
    [2011/06/26 15:20:30 | 000,503,100 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/06/26 15:20:30 | 000,088,498 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2011/06/25 22:16:58 | 000,344,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/06/25 06:38:42 | 000,002,306 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2011/06/23 12:51:27 | 000,932,987 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\n5gar1.zip
    [2011/06/23 11:07:06 | 000,002,020 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro.lnk
    [2011/06/19 19:08:43 | 000,000,207 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Boost Mobile - 214 397 6430.url
    [2011/06/17 03:03:05 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/06/16 22:23:19 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\support.url

    ========== Files Created - No Company Name ==========

    [2011/07/14 13:29:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/07/14 13:29:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/07/14 13:29:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/07/14 13:29:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/07/14 13:29:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/07/14 01:15:55 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-963894560-839522115-1003.job
    [2011/07/12 09:09:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/07/12 09:09:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/07/08 13:30:51 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
    [2011/07/08 07:10:30 | 000,064,538 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us IRS drops audits of political donors.pdf
    [2011/07/08 07:08:39 | 000,067,454 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us 08ttramsey Redistricting.pdf
    [2011/07/03 11:27:45 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/06/29 10:35:04 | 000,001,167 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Map of the Market - SmartMoney.com.url
    [2011/06/28 07:57:16 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to taskmgr.exe.lnk
    [2011/06/26 21:59:20 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wealth-Lab Pro 6.lnk
    [2011/06/25 09:58:23 | 000,956,290 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-963894560-839522115-1003-0.dat
    [2011/06/25 09:58:22 | 000,347,830 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/06/23 12:51:27 | 000,932,987 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\n5gar1.zip
    [2011/06/23 11:07:06 | 000,002,647 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro Beta..lnk
    [2011/06/23 11:07:06 | 000,002,020 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro.lnk
    [2011/06/21 11:22:28 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/06/21 11:12:47 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
    [2011/06/18 09:56:57 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2011/06/17 02:26:22 | 000,002,644 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\LIVE REAL TIME SATELLITE TRACKING AND PREDICTIONS ISS (ZARYA).url
    [2010/11/10 05:37:55 | 000,161,770 | ---- | C] () -- C:\WINDOWS\Animated Wallpaper Maker Uninstaller.exe
    [2010/11/05 00:04:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\downloads.m3u
    [2010/10/17 19:17:49 | 000,000,223 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
    [2010/10/10 16:40:24 | 001,903,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/09/30 05:14:14 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
    [2010/09/30 05:14:14 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
    [2010/06/11 06:18:32 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Podcasts.INI
    [2010/05/25 12:20:06 | 000,002,306 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2010/04/30 10:04:16 | 000,104,960 | ---- | C] () -- C:\WINDOWS\W2P_PreConvert.dll
    [2010/02/01 05:16:10 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/02/01 05:16:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2010/02/01 05:16:09 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/02/01 05:16:08 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/01/31 03:51:08 | 000,005,045 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hksbihfl.ezl
    [2010/01/28 03:35:34 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\GSService.exe
    [2010/01/27 22:28:12 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\Tom\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
    [2010/01/27 22:28:12 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
    [2009/12/27 17:53:40 | 000,000,229 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\default.rss
    [2009/12/26 20:15:07 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2009/11/27 04:31:16 | 000,105,472 | ---- | C] () -- C:\WINDOWS\PreConvert.dll
    [2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/10/19 02:23:14 | 000,000,203 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
    [2009/10/03 12:36:01 | 011,476,992 | ---- | C] () -- C:\WINDOWS\System32\common_res.dll
    [2009/09/27 07:26:44 | 000,000,126 | ---- | C] () -- C:\WINDOWS\keypad.ini
    [2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
    [2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
    [2009/07/25 03:10:11 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
    [2009/07/11 20:38:12 | 000,835,584 | ---- | C] () -- C:\WINDOWS\tls7912d.dll
    [2009/07/11 20:38:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uninstallrq.exe
    [2009/06/12 21:24:00 | 000,075,596 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2009/06/04 07:51:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2009/04/14 04:53:40 | 000,003,707 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM6.DLL
    [2009/03/04 03:47:17 | 000,000,146 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/01/31 22:22:25 | 002,788,800 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
    [2008/11/17 14:58:33 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
    [2008/11/17 14:58:11 | 000,000,333 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2008/11/04 05:41:07 | 000,001,104 | ---- | C] () -- C:\WINDOWS\AMIPRO2.INI
    [2008/11/04 05:40:13 | 000,004,722 | ---- | C] () -- C:\WINDOWS\AmiVISD.ini
    [2008/11/04 05:39:17 | 000,000,703 | ---- | C] () -- C:\WINDOWS\lotus.ini
    [2008/11/04 05:39:15 | 000,008,283 | ---- | C] () -- C:\WINDOWS\AMIDW.INI
    [2008/11/04 05:39:15 | 000,000,898 | ---- | C] () -- C:\WINDOWS\AMIEQN.INI
    [2008/11/04 05:39:15 | 000,000,185 | ---- | C] () -- C:\WINDOWS\AMISMART.INI
    [2008/11/04 05:39:15 | 000,000,104 | ---- | C] () -- C:\WINDOWS\AMIIMAGE.INI
    [2008/11/04 05:39:14 | 000,023,822 | ---- | C] () -- C:\WINDOWS\AMIOW.INI
    [2008/11/04 05:39:14 | 000,011,208 | ---- | C] () -- C:\WINDOWS\AMIENV.DLL
    [2008/11/04 05:39:14 | 000,010,014 | ---- | C] () -- C:\WINDOWS\AMILABEL.INI
    [2008/11/04 05:39:14 | 000,005,909 | ---- | C] () -- C:\WINDOWS\AMIWP.INI
    [2008/11/04 05:39:14 | 000,004,400 | ---- | C] () -- C:\WINDOWS\AMIPRO.INI
    [2008/11/04 05:39:14 | 000,002,846 | ---- | C] () -- C:\WINDOWS\AMICALC.INI
    [2008/11/04 05:39:14 | 000,001,993 | ---- | C] () -- C:\WINDOWS\AMIIWP.INI
    [2008/11/04 05:39:14 | 000,000,332 | ---- | C] () -- C:\WINDOWS\AMIFONT.INI
    [2008/11/04 05:06:16 | 000,127,184 | ---- | C] () -- C:\WINDOWS\DEL_AH1.EXE
    [2008/11/02 08:56:34 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
    [2008/10/30 09:26:41 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
    [2008/10/30 09:25:23 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
    [2008/10/30 09:25:23 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
    [2008/10/30 08:58:15 | 000,000,400 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
    [2008/10/30 04:12:05 | 000,000,092 | ---- | C] () -- C:\WINDOWS\TraceSrv.ini
    [2008/10/28 04:09:43 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2008/10/27 00:29:43 | 000,000,225 | ---- | C] () -- C:\WINDOWS\netscape.INI
    [2008/10/26 20:43:04 | 000,634,087 | ---- | C] () -- C:\WINDOWS\cd32.exe
    [2008/10/25 03:31:26 | 000,000,554 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/10/24 14:22:31 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
    [2008/10/24 14:21:19 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
    [2008/10/24 04:31:54 | 000,218,112 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/10/10 20:18:45 | 000,038,951 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/10/10 19:09:45 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/10/09 08:52:33 | 000,000,927 | ---- | C] () -- C:\WINDOWS\hmpro3.ini
    [2008/10/09 08:50:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\kwimage.dll
    [2008/10/09 08:50:42 | 000,005,495 | ---- | C] () -- C:\WINDOWS\sqkw.ini
    [2008/10/09 03:17:00 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
    [2008/10/09 03:16:59 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
    [2008/10/09 03:16:59 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
    [2008/10/08 08:54:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/10/08 04:00:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/10/08 03:56:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/10/07 05:35:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/10/07 05:34:50 | 000,344,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2003/09/18 11:21:06 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ljackuw.dll
    [2003/03/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2003/03/31 07:00:00 | 000,503,100 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2003/03/31 07:00:00 | 000,088,498 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2003/03/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/03/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
    [2001/08/07 18:59:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HPNVRRes.dll
    [2001/07/31 04:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
    [2001/01/24 01:31:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
    [2000/06/07 07:38:44 | 000,078,336 | ---- | C] () -- C:\WINDOWS\nfwDrop.DLL
    [2000/04/14 17:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
    [1999/05/20 04:03:20 | 000,004,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TVICPORT.SYS
    [1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
    [1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

    < End of report >

  6. #26
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Great

    How are things running now, any redirects or unwanted pop-up windows?


    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable your onboard antivirus program and antispyware programs while performing scans so there are no conflicts, and it will speed up the scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #27
    Member
    Join Date
    Jul 2011
    Posts
    31

    Default Response 7-15-11

    Quote Originally Posted by ken545
    Great

    How are things running now, any redirects or unwanted pop-up windows?
    The computer hangs up on programs that used to work normally. I have ACDC 7 for moving photos from an SD card & card reader to the system. Plugging in an SD card used to result in it being recognized for copying or moving the photo files. It no longer responds to an SD card going in its slot. Should I reinstall this program?

    At the moment there's a white screen on Windows Task Manager that will not go away. There's an hourglass with the mouse pointer anywhere on the desktop.

    Earlier I did get web pages to appear to work OK with MSIE 7. I have not been able to fully test it yet.

    I understand ESET, described below, takes a long time to run. I'll be able to proceed with it later. Thank you. (At the moment I'm using a separate laptop to enter this. It does not appear to be infected.)

    Quote Originally Posted by ken545

    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable your onboard antivirus program and antispyware programs while performing scans so there are no conflicts, and it will speed up the scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.

  8. #28
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Let's wait until we see what ESET finds and go from there; it's possible this is just a Windows problem. Let's see.

  9. #29
    Member
    Join Date
    Jul 2011
    Posts
    31

    Default Report of ESET attached 7-17-11

    Report of ESET attached 7-17-11


    C:\Documents and Settings\Tom\Local Settings\Application Data\Downloaded Installations\{23690A61-F205-45D8-9294-B63A67498790}\PCmover.msi a variant of Win32/PSWTool.PWDump.A application
    C:\Documents and Settings\Tom\Local Settings\Application Data\Downloaded Installations\{40C82691-CCF0-402A-909D-29257CBF33AC}\PCmover.msi a variant of Win32/PSWTool.PWDump.A application
    C:\i\Programs From Internet\ImToo DVD Creator 6 4-29-11\dvd-creator6.exe Win32/Toolbar.Zugo application
    C:\i\Programs From Internet\SmitfraudFix\SmitfraudFix.zip multiple threats
    C:\i\Programs From Internet\SmitfraudFix\SmitfraudFix\SmitfraudFix\Process.exe Win32/PrcView application
    C:\i\Programs From Internet\SmitfraudFix\SmitfraudFix\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
    C:\i\Programs From Internet\Vundofix for virtumonde-sci 7-4-11\VirtumundoBeGone.exe Win32/PrcView application
    Last edited by ken545; 2011-07-17 at 18:09.

  10. #30
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Let's run ESET again, and let's remove what it finds this time. Post the log when done, please.
