
Thread: Infected with malware, IE redirect - DDS hangs system

  1. #31
    Member
    Join Date
    Feb 2012
    Posts
    37

    ken545,

    Elated to report the hidden partition has been deleted!! Those 2MB are gone!

    I have attached the Disk Management screen shot and the txt output file from the delete.

    I've been reviewing the forum for ways to prevent further intrusions and will apply the practices as soon as my machine is deemed "clean".

    Thanks for your time and expertise,
    Jess

  2. #32
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Good Morning Jess,

    Wonderful, when we're done I will give you some tips and links to free programs to install that can help you keep your system more secure.


    Things should run fairly well now, so open Malwarebytes, check for updates and run the Quick Scan removing what it finds, post the log please but don't bother if nothing is found.

    Then run aswMBR just to scan, don't fix anything and post that log.


    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #33
    Member
    Join Date
    Feb 2012
    Posts
    37

    ken545,
    I'm glad to finally be at the point to run the scans and produce logs. A big thanks to you!
    Here are the results:
    Malware bytes - No malicious items were detected.
    aswMBR - downloaded the latest Avast! virus definitions - attached produced txt file.
    OTL completed with no issues - logs listed below (Lots of things in log I have no idea what they are or where they came from.)

    OTL.txt:
    OTL logfile created on: 2/14/2012 10:12:40 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Brenda Poland\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.07 Mb Total Physical Memory | 536.63 Mb Available Physical Memory | 52.50% Memory free
    30.20 Gb Paging File | 29.89 Gb Available in Paging File | 98.99% Paging File free
    Paging file location(s): C:\pagefile.sys 30000 50000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.18 Gb Total Space | 83.72 Gb Free Space | 58.07% Space Free | Partition Type: NTFS

    Computer Name: D6KX9PB1 | User Name: Brenda Poland | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Brenda Poland\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    PRC - C:\WINDOWS\system32\dlcccoms.exe ( )
    PRC - C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
    PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
    PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\system32\quartz.dll ()
    MOD - C:\WINDOWS\system32\sbe.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()
    MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlccHPEC.DLL ()
    MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlccFLIB.DLL ()
    MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcccfg.dll ()
    MOD - C:\WINDOWS\system32\dlcccfg.dll ()
    MOD - C:\Program Files\Dell Photo AIO Printer 924\dlcccfg.dll ()
    MOD - C:\Program Files\Dell Photo AIO Printer 924\dlccdrec.dll ()
    MOD - C:\Program Files\Dell Photo AIO Printer 924\dlcccnv4.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (HidServ) -- File not found
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (PcCtlCom) -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe (Trend Micro Inc.)
    SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
    SRV - (Tmntsrv) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe (Trend Micro Inc.)
    SRV - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe (Trend Micro Inc.)
    SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe (Trend Micro Inc.)
    SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ( )


    ========== Driver Services (SafeList) ==========

    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
    DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
    DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
    DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
    DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
    DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
    DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)
    DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)
    DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)
    DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
    DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
    DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
    DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
    DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)
    DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
    DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
    DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
    DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
    DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
    DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&...suk&channel=us


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Search"

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/07/24 20:08:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/19 10:04:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/16 10:40:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/07/24 20:08:03 | 000,000,000 | ---D | M]

    [2010/08/19 10:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Extensions
    [2010/08/19 10:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Firefox\Profiles\jcs6xakz.default\extensions
    [2010/08/19 10:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Firefox\Profiles\jcs6xakz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2007/11/17 08:49:17 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Firefox\Profiles\jcs6xakz.default\searchplugins\search.xml
    [2010/08/19 10:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

    O1 HOSTS File: ([2012/02/10 09:38:18 | 000,442,741 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 15219 more lines...
    O2 - BHO: (Reg Error: Value error.) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - File not found
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
    O3 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    O3 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
    O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe File not found
    O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
    O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - Startup: C:\Documents and Settings\Brenda Poland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT1\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanage...ex-2.2.3.0.cab (DLM Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87A9F30A-15CF-4635-8B39-9399F6194D80}: DhcpNameServer = 192.168.1.254 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/14 09:29:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brenda Poland\Desktop\OTL.exe
    [2012/02/13 13:30:17 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Brenda Poland\Desktop\aswMBR.exe
    [2012/02/10 18:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda Poland\My Documents\Downloads
    [2012/02/09 15:05:30 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/02/09 10:23:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/02/09 10:15:24 | 002,059,824 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brenda Poland\Desktop\TDSSKiller.exe
    [2012/02/09 10:14:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/02/09 10:14:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/02/09 10:14:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/02/09 10:14:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/02/09 10:12:04 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/09 08:59:55 | 004,399,011 | R--- | C] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\ComboFix.exe
    [2012/02/08 19:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda Poland\Application Data\Malwarebytes
    [2012/02/08 19:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/08 19:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/02/08 19:54:41 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/02/08 19:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/02/08 19:53:51 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brenda Poland\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/08 19:07:10 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2012/02/08 13:38:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\dds.scr
    [2012/02/08 13:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2012/02/08 13:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT1
    [2012/02/08 13:34:45 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Brenda Poland\Desktop\erunt-setup.exe
    [2012/02/08 13:05:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Brenda Poland\Recent
    [2012/02/08 09:12:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/02/08 09:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/02/07 13:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
    [2012/02/07 13:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda Poland\Desktop\snlTCNTplugins01
    [2012/01/23 08:18:04 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2006/08/28 22:19:24 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
    [2006/08/28 22:19:24 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
    [2006/08/28 22:19:24 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
    [2006/08/28 22:19:24 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
    [2006/08/28 22:19:24 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
    [2006/08/28 22:19:24 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccoms.exe
    [2006/08/28 22:19:24 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
    [2006/08/28 22:19:24 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
    [2006/08/28 22:19:24 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccih.exe
    [2006/08/28 22:19:24 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccfg.exe
    [2006/08/28 22:19:24 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
    [2006/08/28 22:19:24 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\Brenda Poland\*.tmp files -> C:\Documents and Settings\Brenda Poland\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/14 10:02:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/14 10:01:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBR.dat
    [2012/02/14 09:29:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brenda Poland\Desktop\OTL.exe
    [2012/02/14 09:02:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/14 08:01:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/02/14 08:01:42 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/13 21:53:00 | 000,024,030 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Application Data\wklnhst.dat
    [2012/02/13 20:40:27 | 000,057,952 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange-del.GIF
    [2012/02/13 14:15:36 | 000,058,184 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange.GIF
    [2012/02/13 14:06:57 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/13 13:30:20 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Brenda Poland\Desktop\aswMBR.exe
    [2012/02/13 13:16:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/02/10 09:38:18 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/02/09 21:18:09 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix3.wps
    [2012/02/09 18:28:08 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120210-093818.backup
    [2012/02/09 18:20:22 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brenda Poland\Desktop\TDSSKiller.exe
    [2012/02/09 18:18:50 | 002,041,278 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\tdsskiller.zip
    [2012/02/09 17:56:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBRCheck.exe
    [2012/02/09 15:49:35 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix2.wps
    [2012/02/09 15:24:40 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-182808.backup
    [2012/02/09 13:33:02 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix.wps
    [2012/02/09 12:29:52 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-152440.backup
    [2012/02/09 10:23:23 | 000,000,326 | RHS- | M] () -- C:\boot.ini
    [2012/02/09 09:57:51 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-122952.backup
    [2012/02/09 08:59:55 | 004,399,011 | R--- | M] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\ComboFix.exe
    [2012/02/09 08:47:09 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-095750.backup
    [2012/02/08 21:40:55 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\unhide.exe
    [2012/02/08 21:30:33 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-084709.backup
    [2012/02/08 21:10:13 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120208-213033.backup
    [2012/02/08 20:51:04 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08-fix.wps
    [2012/02/08 19:54:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/08 19:53:51 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brenda Poland\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/08 19:12:04 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\rkill.exe
    [2012/02/08 19:09:22 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120208-211013.backup
    [2012/02/08 19:03:32 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08.wps
    [2012/02/08 13:38:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\dds.scr
    [2012/02/08 13:36:40 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/02/08 13:36:16 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\ERUNT.lnk
    [2012/02/08 13:35:19 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Brenda Poland\Desktop\erunt-setup.exe
    [2012/02/08 13:30:20 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120208-190922.backup
    [2012/02/08 09:37:50 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120208-133019.backup
    [2012/02/07 19:53:01 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120208-093749.backup
    [2012/02/07 15:51:32 | 000,043,876 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_15_51].cab
    [2012/02/07 14:59:58 | 000,007,145 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_14_59].cab
    [2012/02/07 14:49:43 | 001,339,719 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\rootalyz-0.3.4.47.zip
    [2012/02/07 07:45:12 | 000,859,992 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\snlTCNTplugins01.zip
    [2012/02/06 18:38:34 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120207-195300.backup
    [2012/02/06 17:15:05 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-183833.backup
    [2012/02/06 16:04:30 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-171505.backup
    [2012/02/06 14:51:15 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-160430.backup
    [2012/02/06 12:14:23 | 000,442,655 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-145115.backup
    [2012/02/06 10:42:46 | 000,442,655 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-121423.backup
    [2012/02/04 16:58:55 | 000,442,655 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-104246.backup
    [2012/01/31 11:02:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/01/30 22:56:20 | 000,210,432 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\Silicone Space Station Guide.wps
    [2012/01/30 22:08:55 | 000,441,842 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120204-165854.backup
    [2012/01/25 20:31:40 | 000,000,848 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2012/01/23 08:18:04 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/01/22 09:45:11 | 000,441,692 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120130-220854.backup
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\Brenda Poland\*.tmp files -> C:\Documents and Settings\Brenda Poland\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/14 10:01:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBR.dat
    [2012/02/13 20:40:22 | 000,057,952 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange-del.GIF
    [2012/02/13 14:15:27 | 000,058,184 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange.GIF
    [2012/02/09 19:49:47 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix3.wps
    [2012/02/09 18:18:39 | 002,041,278 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\tdsskiller.zip
    [2012/02/09 17:56:57 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBRCheck.exe
    [2012/02/09 13:59:50 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix2.wps
    [2012/02/09 12:26:58 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
    [2012/02/09 10:23:21 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2012/02/09 10:23:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/02/09 10:14:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/02/09 10:14:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/02/09 10:14:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/02/09 10:14:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/02/09 10:14:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/02/09 08:58:05 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix.wps
    [2012/02/08 21:40:52 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\unhide.exe
    [2012/02/08 19:54:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/08 19:40:26 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08-fix.wps
    [2012/02/08 19:11:58 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\rkill.exe
    [2012/02/08 15:32:00 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08.wps
    [2012/02/08 13:36:40 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/02/08 13:36:16 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\ERUNT.lnk
    [2012/02/07 15:51:32 | 000,043,876 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_15_51].cab
    [2012/02/07 14:59:58 | 000,007,145 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_14_59].cab
    [2012/02/07 14:49:30 | 001,339,719 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\rootalyz-0.3.4.47.zip
    [2012/02/07 07:45:07 | 000,859,992 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\snlTCNTplugins01.zip
    [2010/08/10 15:59:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\housecall.guid.cache
    [2010/03/10 10:47:47 | 000,000,186 | ---- | C] () -- C:\WINDOWS\RealFlight.INI
    [2008/07/23 11:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/07/23 11:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2008/05/16 08:56:34 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/02/12 13:13:58 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/02/10 09:21:56 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
    [2008/02/10 09:21:56 | 000,003,453 | ---- | C] () -- C:\WINDOWS\unins000.dat
    [2007/03/01 15:46:27 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2007/03/01 10:17:24 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
    [2007/03/01 08:01:34 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
    [2007/03/01 08:01:33 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
    [2006/12/03 08:40:28 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/12/02 11:56:46 | 000,024,030 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Application Data\wklnhst.dat
    [2006/09/04 14:54:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
    [2006/09/04 14:21:18 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\fusioncache.dat
    [2006/08/28 23:05:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/28 22:59:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/08/28 22:53:47 | 000,000,779 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/08/28 22:50:37 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2006/08/28 22:47:17 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/08/28 22:19:24 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
    [2006/08/28 22:19:24 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
    [2006/08/28 22:19:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
    [2006/08/28 22:19:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
    [2006/08/28 22:19:24 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
    [2006/08/28 22:19:24 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
    [2006/08/28 22:19:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
    [2006/08/28 22:19:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
    [2006/08/28 22:19:24 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
    [2006/08/28 22:19:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
    [2006/08/28 22:19:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
    [2006/08/28 22:18:58 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2006/08/28 22:18:26 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/16 03:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2005/08/16 03:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/16 03:27:59 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/08/16 03:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2005/08/16 03:18:33 | 000,553,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2005/08/16 03:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2005/08/16 03:18:33 | 000,117,452 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2005/08/16 03:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2005/08/16 03:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2005/08/16 03:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/08/16 03:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2005/08/16 03:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2005/08/16 03:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2005/08/16 03:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2005/08/16 03:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2005/08/05 13:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/08/02 13:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

    ========== LOP Check ==========

    [2005/08/16 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2007/08/28 17:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2011/08/19 17:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2011/09/22 15:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
    [2011/07/24 20:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2007/04/19 18:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
    [2006/08/28 22:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2008/12/23 16:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda Poland\Application Data\Amazon
    [2007/03/01 09:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda Poland\Application Data\BellSouth
    [2006/09/17 15:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda Poland\Application Data\Leadertech
    [2011/08/19 17:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda Poland\Application Data\PC Suite
    [2006/09/07 08:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda Poland\Application Data\Simple Star
    [2007/08/07 17:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda Poland\Application Data\Souptoys
    [2006/12/02 11:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda Poland\Application Data\Template
    [2006/11/19 07:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda Poland\Application Data\Walgreens
    [2006/10/02 10:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\EarthLink Toolbar
    [2006/09/08 06:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Poland\Application Data\EarthLink Toolbar

    ========== Purity Check ==========



    < End of report >

  4. #34
    Member
    Join Date
    Feb 2012
    Posts
    37

    Here is the Extras.txt:

    OTL Extras logfile created on: 2/14/2012 10:12:41 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Brenda Poland\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.07 Mb Total Physical Memory | 536.63 Mb Available Physical Memory | 52.50% Memory free
    30.20 Gb Paging File | 29.89 Gb Available in Paging File | 98.99% Paging File free
    Paging file location(s): C:\pagefile.sys 30000 50000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.18 Gb Total Space | 83.72 Gb Free Space | 58.07% Space Free | Partition Type: NTFS

    Computer Name: D6KX9PB1 | User Name: Brenda Poland | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
    "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
    "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{566FE0E6-599E-4324-A733-613CC2A19ACA}" = Before You Know It 3.6
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
    "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
    "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
    "{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
    "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
    "{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
    "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}" = Trend Micro PC-cillin Internet Security 14
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
    "ATI Display Driver" = ATI Display Driver
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "BellSouth" = BellSouth FastAccess DSL Help Center
    "BellSouth Application Management" = BellSouth Application Management
    "blstoolbar" = BellSouth Toolbar 1.0
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell Game Console" = Dell Game Console
    "Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "ERUNT_is1" = ERUNT 1.1j
    "ESPNMotion" = ESPNMotion
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Nokia Ovi Suite" = Nokia Ovi Suite
    "PhotoShow Express" = PhotoShow Express
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "QuickTime" = QuickTime
    "RadialpointClientGateway_is1" = BellSouth Internet Security - Alert Manager 1.3.20
    "RealFlightBasic" = RealFlight Basic R/C Simulator
    "RealPlayer 6.0" = RealPlayer Basic
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "TmPcc" = Trend Micro PC-cillin Internet Security 14
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Toolbar" = Yahoo! Toolbar
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/8/2012 10:54:10 AM | Computer Name = D6KX9PB1 | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 2/8/2012 1:29:12 PM | Computer Name = D6KX9PB1 | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 2/8/2012 1:59:05 PM | Computer Name = D6KX9PB1 | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 2/8/2012 2:13:04 PM | Computer Name = D6KX9PB1 | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 2/8/2012 2:15:52 PM | Computer Name = D6KX9PB1 | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 2/8/2012 8:59:38 PM | Computer Name = D6KX9PB1 | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 2/8/2012 9:01:34 PM | Computer Name = D6KX9PB1 | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 2/8/2012 9:54:16 PM | Computer Name = D6KX9PB1 | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 2/8/2012 10:05:08 PM | Computer Name = D6KX9PB1 | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 2/9/2012 9:42:47 AM | Computer Name = D6KX9PB1 | Source = COM+ | ID = 135761
    Description = The run-time environment has detected an inconsistency in its internal
    state. This indicates a potential instability in the process that could be caused
    by the custom components running in the COM+ application, the components they make
    use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
    hr = 8007041d: InitEventCollector fail

    [ System Events ]
    Error - 2/10/2012 4:20:01 PM | Computer Name = D6KX9PB1 | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 2/10/2012 4:20:01 PM | Computer Name = D6KX9PB1 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 2/10/2012 4:35:00 PM | Computer Name = D6KX9PB1 | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 30 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 2/10/2012 4:35:00 PM | Computer Name = D6KX9PB1 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 30 minutes. NtpClient has no source of accurate
    time.

    Error - 2/10/2012 5:05:01 PM | Computer Name = D6KX9PB1 | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 60 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 2/10/2012 5:05:01 PM | Computer Name = D6KX9PB1 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 60 minutes. NtpClient has no source of accurate
    time.

    Error - 2/10/2012 6:05:01 PM | Computer Name = D6KX9PB1 | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 120 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 2/10/2012 6:05:01 PM | Computer Name = D6KX9PB1 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 120 minutes. NtpClient has no source of accurate
    time.

    Error - 2/10/2012 8:05:02 PM | Computer Name = D6KX9PB1 | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 240 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 2/10/2012 8:05:02 PM | Computer Name = D6KX9PB1 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 240 minutes. NtpClient has no source of accurate
    time.


    < End of report >

    The scans did find more malware. I did not run any fixes.
    Please let me know what the next step will be.

    Many thanks,
    Jess

  5. #35
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Jess, most of what we are removing are infected entries for your hosts file.

    I did not see the attached aswMBR log; you can just go ahead and copy and paste it in.


    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      [2012/02/09 18:28:08 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120210-093818.backup
      [2012/02/09 09:57:51 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-122952.backup
      [2012/02/09 12:29:52 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-152440.backup
      [2012/02/09 09:57:51 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-122952.backup
      [2012/02/09 08:47:09 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-095750.backup
      [2012/02/08 21:30:33 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-084709.backup
      [2012/02/08 21:10:13 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120208-213033.backup
      [2012/02/08 19:09:22 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120208-211013.backup
      [2012/02/08 13:30:20 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120208-190922.backup
      [2012/02/08 09:37:50 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120208-133019.backup
      [2012/02/07 19:53:01 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120208-093749.backup
      [2012/02/06 18:38:34 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120207-195300.backup
      [2012/02/06 17:15:05 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-183833.backup
      [2012/02/06 16:04:30 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-171505.backup
      [2012/02/06 14:51:15 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-160430.backup
      [2012/02/06 12:14:23 | 000,442,655 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-145115.backup
      [2012/02/06 10:42:46 | 000,442,655 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-121423.backup
      [2012/02/04 16:58:55 | 000,442,655 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-104246.backup
      [2012/01/22 09:45:11 | 000,441,692 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120130-220854.backup
      O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
      O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
      O3 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  6. #36
    Member
    Join Date
    Feb 2012
    Posts
    37

    Default

    Sorry ken545, I thought I had attached the aswMBR log. Here is the log for your review while I remove the unwanted infected entries.

    BTW, I found this unusual file in C:\Program Files\Dl_cats with an upload and userid and password with a link. Would you please take a look at it and let me know if it is legit. I've changed the folder name but it keeps changing back to the original.

    I'll post my other two log results as soon as the program finishes.

    As always, thanks so much,
    Jess

  7. #37
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Jess, still some malware present, I want to run Combofix as aswMBR found a bad entry but I want to wait to see the OTL logs from both the fix and the new scan.


    FYI
    Do you have a Lexmark printer?

    If so, both dl_cats and lx_cats are part of that. I think that they report ink and printer utilization and other stuff back to Lexmark.

  8. #38
    Member
    Join Date
    Feb 2012
    Posts
    37

    Default

    ken545,
    My machine was worse off than I thought.

    I have a Dell printer, probably a re-branded Lexmark. Thanks for looking at that. Any way to get rid of it??

    No problems running the fix or the new scan... making progress!!

    Here is the log for the fix:
    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    C:\WINDOWS\system32\drivers\etc\hosts.20120210-093818.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20120209-122952.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20120209-152440.backup moved successfully.
    File C:\WINDOWS\System32\drivers\etc\hosts.20120209-122952.backup not found.
    C:\WINDOWS\system32\drivers\etc\hosts.20120209-095750.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20120209-084709.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20120208-213033.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20120208-211013.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20120208-190922.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20120208-133019.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20120208-093749.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20120207-195300.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20120206-183833.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20120206-171505.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20120206-160430.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20120206-145115.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20120206-121423.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20120206-104246.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20120130-220854.backup moved successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
    File E:\setup.exe not found.
    Registry value HKEY_USERS\S-1-5-21-3120691911-3222514972-401631166-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Brenda Poland\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Brenda Poland\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Brenda Poland
    ->Temp folder emptied: 72750568 bytes
    ->Temporary Internet Files folder emptied: 52977253 bytes
    ->Java cache emptied: 9251626 bytes
    ->FireFox cache emptied: 56878256 bytes
    ->Flash cache emptied: 1718 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 56502 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 65938 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Poland Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 405 bytes

    User: Randy Poland
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 152081 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 65536 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 54721825 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 185972 bytes
    RecycleBin emptied: 28438054 bytes

    Total Files Cleaned = 263.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 02142012_133304

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_204.dat not found!

    Registry entries deleted on Reboot...



    Here is the new OTL scan log:
    OTL logfile created on: 2/14/2012 1:40:27 PM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Brenda Poland\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.07 Mb Total Physical Memory | 324.07 Mb Available Physical Memory | 31.71% Memory free
    30.20 Gb Paging File | 29.65 Gb Available in Paging File | 98.17% Paging File free
    Paging file location(s): C:\pagefile.sys 30000 50000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.18 Gb Total Space | 83.98 Gb Free Space | 58.24% Space Free | Partition Type: NTFS

    Computer Name: D6KX9PB1 | User Name: Brenda Poland | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Brenda Poland\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe (Trend Micro Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe (Trend Micro Inc.)
    PRC - C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
    PRC - C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe (Trend Micro Inc.)
    PRC - C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe (Trend Micro Inc.)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    PRC - C:\WINDOWS\system32\dlcccoms.exe ( )
    PRC - C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
    PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
    PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\system32\quartz.dll ()
    MOD - C:\WINDOWS\system32\sbe.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()
    MOD - C:\Program Files\Trend Micro\Internet Security 14\PcSSE.dll ()
    MOD - C:\Program Files\Trend Micro\Internet Security 14\tmdbg.dll ()
    MOD - C:\WINDOWS\system32\dlcccfg.dll ()
    MOD - C:\Program Files\Dell Photo AIO Printer 924\dlcccfg.dll ()
    MOD - C:\Program Files\Dell Photo AIO Printer 924\dlccdrec.dll ()
    MOD - C:\Program Files\Dell Photo AIO Printer 924\dlcccnv4.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (HidServ) -- File not found
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (PcCtlCom) -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe (Trend Micro Inc.)
    SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
    SRV - (Tmntsrv) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe (Trend Micro Inc.)
    SRV - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe (Trend Micro Inc.)
    SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe (Trend Micro Inc.)
    SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ( )


    ========== Driver Services (SafeList) ==========

    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
    DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
    DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
    DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
    DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
    DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
    DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)
    DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)
    DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)
    DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
    DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
    DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
    DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
    DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)
    DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
    DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
    DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
    DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
    DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
    DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&...suk&channel=us


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Search"

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/07/24 20:08:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/19 10:04:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/16 10:40:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/07/24 20:08:03 | 000,000,000 | ---D | M]

    [2010/08/19 10:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Extensions
    [2010/08/19 10:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Firefox\Profiles\jcs6xakz.default\extensions
    [2010/08/19 10:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Firefox\Profiles\jcs6xakz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2007/11/17 08:49:17 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Firefox\Profiles\jcs6xakz.default\searchplugins\search.xml
    [2010/08/19 10:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

    O1 HOSTS File: ([2012/02/14 13:33:07 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Reg Error: Value error.) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - File not found
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
    O3 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
    O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe File not found
    O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
    O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - Startup: C:\Documents and Settings\Brenda Poland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT1\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanage...ex-2.2.3.0.cab (DLM Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87A9F30A-15CF-4635-8B39-9399F6194D80}: DhcpNameServer = 192.168.1.254 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/14 13:33:04 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/02/14 09:29:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brenda Poland\Desktop\OTL.exe
    [2012/02/13 13:30:17 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Brenda Poland\Desktop\aswMBR.exe
    [2012/02/10 18:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda Poland\My Documents\Downloads
    [2012/02/09 15:05:30 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/02/09 10:23:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/02/09 10:15:24 | 002,059,824 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brenda Poland\Desktop\TDSSKiller.exe
    [2012/02/09 10:14:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/02/09 10:14:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/02/09 10:14:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/02/09 10:14:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/02/09 10:12:04 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/09 08:59:55 | 004,399,011 | R--- | C] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\ComboFix.exe
    [2012/02/08 19:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda Poland\Application Data\Malwarebytes
    [2012/02/08 19:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/08 19:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/02/08 19:54:41 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/02/08 19:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/02/08 19:53:51 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brenda Poland\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/08 19:07:10 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2012/02/08 13:38:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\dds.scr
    [2012/02/08 13:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2012/02/08 13:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT1
    [2012/02/08 13:34:45 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Brenda Poland\Desktop\erunt-setup.exe
    [2012/02/08 13:05:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Brenda Poland\Recent
    [2012/02/08 09:12:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/02/08 09:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/02/07 13:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
    [2012/02/07 13:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda Poland\Desktop\snlTCNTplugins01
    [2012/01/23 08:18:04 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2006/08/28 22:19:24 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
    [2006/08/28 22:19:24 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
    [2006/08/28 22:19:24 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
    [2006/08/28 22:19:24 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
    [2006/08/28 22:19:24 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
    [2006/08/28 22:19:24 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccoms.exe
    [2006/08/28 22:19:24 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
    [2006/08/28 22:19:24 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
    [2006/08/28 22:19:24 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccih.exe
    [2006/08/28 22:19:24 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccfg.exe
    [2006/08/28 22:19:24 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
    [2006/08/28 22:19:24 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
    [1 C:\Documents and Settings\Brenda Poland\*.tmp files -> C:\Documents and Settings\Brenda Poland\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/14 13:35:13 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/14 13:35:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/02/14 13:35:04 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/14 13:33:07 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2012/02/14 13:02:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/14 10:01:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBR.dat
    [2012/02/14 09:29:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brenda Poland\Desktop\OTL.exe
    [2012/02/13 21:53:00 | 000,024,030 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Application Data\wklnhst.dat
    [2012/02/13 20:40:27 | 000,057,952 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange-del.GIF
    [2012/02/13 14:15:36 | 000,058,184 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange.GIF
    [2012/02/13 14:06:57 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/13 13:30:20 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Brenda Poland\Desktop\aswMBR.exe
    [2012/02/13 13:16:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/02/10 09:38:18 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120214-132629.backup
    [2012/02/09 21:18:09 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix3.wps
    [2012/02/09 18:20:22 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brenda Poland\Desktop\TDSSKiller.exe
    [2012/02/09 18:18:50 | 002,041,278 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\tdsskiller.zip
    [2012/02/09 17:56:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBRCheck.exe
    [2012/02/09 15:49:35 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix2.wps
    [2012/02/09 15:24:40 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-182808.backup
    [2012/02/09 13:33:02 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix.wps
    [2012/02/09 10:23:23 | 000,000,326 | RHS- | M] () -- C:\boot.ini
    [2012/02/09 08:59:55 | 004,399,011 | R--- | M] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\ComboFix.exe
    [2012/02/08 21:40:55 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\unhide.exe
    [2012/02/08 20:51:04 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08-fix.wps
    [2012/02/08 19:54:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/08 19:53:51 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brenda Poland\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/08 19:12:04 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\rkill.exe
    [2012/02/08 19:03:32 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08.wps
    [2012/02/08 13:38:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\dds.scr
    [2012/02/08 13:36:40 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/02/08 13:36:16 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\ERUNT.lnk
    [2012/02/08 13:35:19 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Brenda Poland\Desktop\erunt-setup.exe
    [2012/02/07 15:51:32 | 000,043,876 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_15_51].cab
    [2012/02/07 14:59:58 | 000,007,145 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_14_59].cab
    [2012/02/07 14:49:43 | 001,339,719 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\rootalyz-0.3.4.47.zip
    [2012/02/07 07:45:12 | 000,859,992 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\snlTCNTplugins01.zip
    [2012/01/31 11:02:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/01/30 22:56:20 | 000,210,432 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\Silicone Space Station Guide.wps
    [2012/01/30 22:08:55 | 000,441,842 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120204-165854.backup
    [2012/01/25 20:31:40 | 000,000,848 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2012/01/23 08:18:04 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [1 C:\Documents and Settings\Brenda Poland\*.tmp files -> C:\Documents and Settings\Brenda Poland\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/14 10:01:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBR.dat
    [2012/02/13 20:40:22 | 000,057,952 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange-del.GIF
    [2012/02/13 14:15:27 | 000,058,184 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange.GIF
    [2012/02/09 19:49:47 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix3.wps
    [2012/02/09 18:18:39 | 002,041,278 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\tdsskiller.zip
    [2012/02/09 17:56:57 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBRCheck.exe
    [2012/02/09 13:59:50 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix2.wps
    [2012/02/09 12:26:58 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
    [2012/02/09 10:23:21 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2012/02/09 10:23:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/02/09 10:14:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/02/09 10:14:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/02/09 10:14:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/02/09 10:14:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/02/09 10:14:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/02/09 08:58:05 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix.wps
    [2012/02/08 21:40:52 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\unhide.exe
    [2012/02/08 19:54:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/08 19:40:26 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08-fix.wps
    [2012/02/08 19:11:58 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\rkill.exe
    [2012/02/08 15:32:00 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08.wps
    [2012/02/08 13:36:40 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/02/08 13:36:16 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\ERUNT.lnk
    [2012/02/07 15:51:32 | 000,043,876 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_15_51].cab
    [2012/02/07 14:59:58 | 000,007,145 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_14_59].cab
    [2012/02/07 14:49:30 | 001,339,719 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\rootalyz-0.3.4.47.zip
    [2012/02/07 07:45:07 | 000,859,992 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\snlTCNTplugins01.zip
    [2010/08/10 15:59:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\housecall.guid.cache
    [2010/03/10 10:47:47 | 000,000,186 | ---- | C] () -- C:\WINDOWS\RealFlight.INI
    [2008/07/23 11:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/07/23 11:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2008/05/16 08:56:34 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/02/12 13:13:58 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/02/10 09:21:56 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
    [2008/02/10 09:21:56 | 000,003,453 | ---- | C] () -- C:\WINDOWS\unins000.dat
    [2007/03/01 15:46:27 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2007/03/01 10:17:24 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
    [2007/03/01 08:01:34 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
    [2007/03/01 08:01:33 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
    [2006/12/03 08:40:28 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/12/02 11:56:46 | 000,024,030 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Application Data\wklnhst.dat
    [2006/09/04 14:54:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
    [2006/09/04 14:21:18 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\fusioncache.dat
    [2006/08/28 23:05:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/28 22:59:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/08/28 22:53:47 | 000,000,779 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/08/28 22:50:37 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2006/08/28 22:47:17 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/08/28 22:19:24 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
    [2006/08/28 22:19:24 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
    [2006/08/28 22:19:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
    [2006/08/28 22:19:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
    [2006/08/28 22:19:24 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
    [2006/08/28 22:19:24 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
    [2006/08/28 22:19:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
    [2006/08/28 22:19:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
    [2006/08/28 22:19:24 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
    [2006/08/28 22:19:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
    [2006/08/28 22:19:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
    [2006/08/28 22:18:58 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2006/08/28 22:18:26 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/16 03:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2005/08/16 03:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/16 03:27:59 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/08/16 03:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2005/08/16 03:18:33 | 000,553,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2005/08/16 03:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2005/08/16 03:18:33 | 000,117,452 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2005/08/16 03:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2005/08/16 03:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2005/08/16 03:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/08/16 03:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2005/08/16 03:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2005/08/16 03:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2005/08/16 03:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2005/08/16 03:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2005/08/05 13:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/08/02 13:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

    < End of report >


    Thanks for your help,
    Jess

  9. #39
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Jess,

    Those files are related to this printer, Dell Photo AIO Printer 924; they're not harmful, so just leave them be.


    You had so many backup entries for the hosts file that I may have missed these.

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      
      :OTL
      [2012/02/10 09:38:18 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120214-132629.backup
      [2012/02/09 15:24:40 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-182808.backup
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      
      
      
      :Commands
      [purity]
      [resethosts]
      [CLEARALLRESTOREPOINTS]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  10. #40
    Member
    Join Date
    Feb 2012
    Posts
    37

    ken545,

    Thank you for being so thorough.

    Here is the log from the OTL fix:

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    C:\WINDOWS\system32\drivers\etc\hosts.20120214-132629.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20120209-182808.backup moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Brenda Poland\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Brenda Poland\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore points cleared and new OTL Restore Point set!

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Brenda Poland
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 327974 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 29772347 bytes
    ->Flash cache emptied: 291 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Poland Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Randy Poland
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16384 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 29.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 02142012_185913

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_62c.dat not found!

    Registry entries deleted on Reboot...


    Here is the log from the new OTL scan:

    OTL logfile created on: 2/14/2012 7:04:56 PM - Run 3
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Brenda Poland\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.07 Mb Total Physical Memory | 323.80 Mb Available Physical Memory | 31.68% Memory free
    30.20 Gb Paging File | 29.65 Gb Available in Paging File | 98.18% Paging File free
    Paging file location(s): C:\pagefile.sys 30000 50000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.18 Gb Total Space | 84.04 Gb Free Space | 58.29% Space Free | Partition Type: NTFS

    Computer Name: D6KX9PB1 | User Name: Brenda Poland | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Brenda Poland\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe (Trend Micro Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe (Trend Micro Inc.)
    PRC - C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
    PRC - C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe (Trend Micro Inc.)
    PRC - C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe (Trend Micro Inc.)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    PRC - C:\WINDOWS\system32\dlcccoms.exe ( )
    PRC - C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
    PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
    PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\system32\quartz.dll ()
    MOD - C:\WINDOWS\system32\sbe.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()
    MOD - C:\Program Files\Trend Micro\Internet Security 14\PcSSE.dll ()
    MOD - C:\Program Files\Trend Micro\Internet Security 14\tmdbg.dll ()
    MOD - C:\WINDOWS\system32\dlcccfg.dll ()
    MOD - C:\Program Files\Dell Photo AIO Printer 924\dlcccfg.dll ()
    MOD - C:\Program Files\Dell Photo AIO Printer 924\dlccdrec.dll ()
    MOD - C:\Program Files\Dell Photo AIO Printer 924\dlcccnv4.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (HidServ) -- File not found
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (PcCtlCom) -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe (Trend Micro Inc.)
    SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
    SRV - (Tmntsrv) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe (Trend Micro Inc.)
    SRV - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe (Trend Micro Inc.)
    SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe (Trend Micro Inc.)
    SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ( )


    ========== Driver Services (SafeList) ==========

    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
    DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
    DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
    DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
    DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
    DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
    DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)
    DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)
    DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)
    DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
    DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
    DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
    DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
    DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)
    DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
    DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
    DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
    DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
    DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
    DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&...suk&channel=us


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Search"

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/07/24 20:08:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/19 10:04:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/16 10:40:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/07/24 20:08:03 | 000,000,000 | ---D | M]

    [2010/08/19 10:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Extensions
    [2010/08/19 10:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Firefox\Profiles\jcs6xakz.default\extensions
    [2010/08/19 10:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Firefox\Profiles\jcs6xakz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2007/11/17 08:49:17 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Firefox\Profiles\jcs6xakz.default\searchplugins\search.xml
    [2010/08/19 10:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

    O1 HOSTS File: ([2012/02/14 18:59:16 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Reg Error: Value error.) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - File not found
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
    O3 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
    O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe File not found
    O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
    O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - Startup: C:\Documents and Settings\Brenda Poland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT1\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanage...ex-2.2.3.0.cab (DLM Control)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/14 13:33:04 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/02/14 09:29:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brenda Poland\Desktop\OTL.exe
    [2012/02/13 13:30:17 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Brenda Poland\Desktop\aswMBR.exe
    [2012/02/10 18:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda Poland\My Documents\Downloads
    [2012/02/09 15:05:30 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/02/09 10:23:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/02/09 10:15:24 | 002,059,824 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brenda Poland\Desktop\TDSSKiller.exe
    [2012/02/09 10:14:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/02/09 10:14:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/02/09 10:14:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/02/09 10:14:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/02/09 10:12:04 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/09 08:59:55 | 004,399,011 | R--- | C] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\ComboFix.exe
    [2012/02/08 19:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda Poland\Application Data\Malwarebytes
    [2012/02/08 19:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/08 19:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/02/08 19:54:41 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/02/08 19:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/02/08 19:53:51 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brenda Poland\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/08 19:07:10 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2012/02/08 13:38:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\dds.scr
    [2012/02/08 13:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2012/02/08 13:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT1
    [2012/02/08 13:34:45 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Brenda Poland\Desktop\erunt-setup.exe
    [2012/02/08 13:05:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Brenda Poland\Recent
    [2012/02/08 09:12:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/02/08 09:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/02/07 13:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
    [2012/02/07 13:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda Poland\Desktop\snlTCNTplugins01
    [2012/01/23 08:18:04 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2006/08/28 22:19:24 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
    [2006/08/28 22:19:24 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
    [2006/08/28 22:19:24 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
    [2006/08/28 22:19:24 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
    [2006/08/28 22:19:24 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
    [2006/08/28 22:19:24 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccoms.exe
    [2006/08/28 22:19:24 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
    [2006/08/28 22:19:24 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
    [2006/08/28 22:19:24 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccih.exe
    [2006/08/28 22:19:24 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccfg.exe
    [2006/08/28 22:19:24 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
    [2006/08/28 22:19:24 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
    [1 C:\Documents and Settings\Brenda Poland\*.tmp files -> C:\Documents and Settings\Brenda Poland\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/14 19:02:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/14 19:01:23 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/14 19:01:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/02/14 19:01:14 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/14 18:59:16 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2012/02/14 10:01:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBR.dat
    [2012/02/14 09:29:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brenda Poland\Desktop\OTL.exe
    [2012/02/13 21:53:00 | 000,024,030 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Application Data\wklnhst.dat
    [2012/02/13 20:40:27 | 000,057,952 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange-del.GIF
    [2012/02/13 14:15:36 | 000,058,184 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange.GIF
    [2012/02/13 14:06:57 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/13 13:30:20 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Brenda Poland\Desktop\aswMBR.exe
    [2012/02/13 13:16:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/02/09 21:18:09 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix3.wps
    [2012/02/09 18:20:22 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brenda Poland\Desktop\TDSSKiller.exe
    [2012/02/09 18:18:50 | 002,041,278 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\tdsskiller.zip
    [2012/02/09 17:56:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBRCheck.exe
    [2012/02/09 15:49:35 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix2.wps
    [2012/02/09 13:33:02 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix.wps
    [2012/02/09 10:23:23 | 000,000,326 | RHS- | M] () -- C:\boot.ini
    [2012/02/09 08:59:55 | 004,399,011 | R--- | M] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\ComboFix.exe
    [2012/02/08 21:40:55 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\unhide.exe
    [2012/02/08 20:51:04 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08-fix.wps
    [2012/02/08 19:54:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/08 19:53:51 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brenda Poland\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/08 19:12:04 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\rkill.exe
    [2012/02/08 19:03:32 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08.wps
    [2012/02/08 13:38:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\dds.scr
    [2012/02/08 13:36:40 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/02/08 13:36:16 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\ERUNT.lnk
    [2012/02/08 13:35:19 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Brenda Poland\Desktop\erunt-setup.exe
    [2012/02/07 15:51:32 | 000,043,876 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_15_51].cab
    [2012/02/07 14:59:58 | 000,007,145 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_14_59].cab
    [2012/02/07 14:49:43 | 001,339,719 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\rootalyz-0.3.4.47.zip
    [2012/02/07 07:45:12 | 000,859,992 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\snlTCNTplugins01.zip
    [2012/01/31 11:02:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/01/30 22:56:20 | 000,210,432 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\Silicone Space Station Guide.wps
    [2012/01/30 22:08:55 | 000,441,842 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120204-165854.backup
    [2012/01/25 20:31:40 | 000,000,848 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2012/01/23 08:18:04 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [1 C:\Documents and Settings\Brenda Poland\*.tmp files -> C:\Documents and Settings\Brenda Poland\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/14 10:01:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBR.dat
    [2012/02/13 20:40:22 | 000,057,952 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange-del.GIF
    [2012/02/13 14:15:27 | 000,058,184 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange.GIF
    [2012/02/09 19:49:47 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix3.wps
    [2012/02/09 18:18:39 | 002,041,278 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\tdsskiller.zip
    [2012/02/09 17:56:57 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBRCheck.exe
    [2012/02/09 13:59:50 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix2.wps
    [2012/02/09 12:26:58 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
    [2012/02/09 10:23:21 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2012/02/09 10:23:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/02/09 10:14:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/02/09 10:14:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/02/09 10:14:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/02/09 10:14:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/02/09 10:14:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/02/09 08:58:05 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix.wps
    [2012/02/08 21:40:52 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\unhide.exe
    [2012/02/08 19:54:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/08 19:40:26 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08-fix.wps
    [2012/02/08 19:11:58 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\rkill.exe
    [2012/02/08 15:32:00 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08.wps
    [2012/02/08 13:36:40 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/02/08 13:36:16 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\ERUNT.lnk
    [2012/02/07 15:51:32 | 000,043,876 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_15_51].cab
    [2012/02/07 14:59:58 | 000,007,145 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_14_59].cab
    [2012/02/07 14:49:30 | 001,339,719 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\rootalyz-0.3.4.47.zip
    [2012/02/07 07:45:07 | 000,859,992 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\snlTCNTplugins01.zip
    [2010/08/10 15:59:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\housecall.guid.cache
    [2010/03/10 10:47:47 | 000,000,186 | ---- | C] () -- C:\WINDOWS\RealFlight.INI
    [2008/07/23 11:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/07/23 11:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2008/05/16 08:56:34 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/02/12 13:13:58 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/02/10 09:21:56 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
    [2008/02/10 09:21:56 | 000,003,453 | ---- | C] () -- C:\WINDOWS\unins000.dat
    [2007/03/01 15:46:27 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2007/03/01 10:17:24 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
    [2007/03/01 08:01:34 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
    [2007/03/01 08:01:33 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
    [2006/12/03 08:40:28 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/12/02 11:56:46 | 000,024,030 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Application Data\wklnhst.dat
    [2006/09/04 14:54:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
    [2006/09/04 14:21:18 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\fusioncache.dat
    [2006/08/28 23:05:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/28 22:59:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/08/28 22:53:47 | 000,000,779 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/08/28 22:50:37 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2006/08/28 22:47:17 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/08/28 22:19:24 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
    [2006/08/28 22:19:24 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
    [2006/08/28 22:19:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
    [2006/08/28 22:19:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
    [2006/08/28 22:19:24 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
    [2006/08/28 22:19:24 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
    [2006/08/28 22:19:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
    [2006/08/28 22:19:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
    [2006/08/28 22:19:24 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
    [2006/08/28 22:19:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
    [2006/08/28 22:19:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
    [2006/08/28 22:18:58 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2006/08/28 22:18:26 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/16 03:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2005/08/16 03:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/16 03:27:59 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/08/16 03:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2005/08/16 03:18:33 | 000,553,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2005/08/16 03:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2005/08/16 03:18:33 | 000,117,452 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2005/08/16 03:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2005/08/16 03:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2005/08/16 03:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/08/16 03:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2005/08/16 03:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2005/08/16 03:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2005/08/16 03:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2005/08/16 03:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2005/08/05 13:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/08/02 13:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

    < End of report >

    The OTL program seems to be comprehensive and powerful in the right hands.... and dangerous in the (uneducated) wrong hands.

    Gratefully, one who is unknowing.
    Jess
